[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL External Clarification

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: SASL External Clarification
From: Francois Beretti <francois.beretti@enatel.com>
Date: 12 Mar 2003 17:24:53 +0100
Cc: Liste OpenLDAP Software <openldap-software@OpenLDAP.org>
In-reply-to: <5.2.0.9.0.20030312072342.029df0a0@127.0.0.1>
References: <5.2.0.9.0.20030312072342.029df0a0@127.0.0.1>

Le mer 12/03/2003 à 16:30, Kurt D. Zeilenga a écrit :
> >Now anonymous bind should be forbidden
> >Am I wrong ?
> 
> Yes.
> 
> A "by anonymous auth" clause statement says:
>         "An anonymous client can access the target directory
>        information for authentication purposes."
> 
> Since the credentials are not held in the directory, there
> client doesn't not need access to the directory to
> authentication.
> 
> Examples of credentials not held in the directory include
> "rootpw", sasldb, Kerberos tickets, AF_UNIX peer eid, and
> PKI certificates.

ok, what you want to say is that sasl external is particular (credential
can be accessible whithout any access on the directory) and that
particularity makes possible to anonymously bind to the directory
without any access, and so without such a clause statement

I think everything is clear for me :)

thanks Kurt

Francois

References:
- Re: SASL External Clarification
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: logging in as root takes ages...
Next by Date: Linux Password encryption on Solaris 8
Index(es):
- Chronological
- Thread