[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL / DIGEST-MD5

To: Quanah Gibson-Mount <quanah@stanford.edu>
Subject: Re: SASL / DIGEST-MD5
From: Francois Beretti <francois.beretti@enatel.com>
Date: 14 Mar 2003 17:28:39 +0100
Cc: Liste OpenLDAP Software <openldap-software@OpenLDAP.org>
In-reply-to: <55951604.1047629863@cadabra.stanford.edu>
References: <1047647788.7120.10.camel@linux-integ> <45675758.1047622972@cadabra-dsl.stanford.edu> <1047655985.7120.44.camel@linux-integ> <55951604.1047629863@cadabra.stanford.edu>

Le ven 14/03/2003 à 17:17, Quanah Gibson-Mount a écrit :
> > I have to add "by anonymous search" in the third ACL to get it working
> > And after that I can comment the first ACL without effect
> 
> Yup.  If you want, and can figure out exactly what it information it is 
> wanting to look at, you can restrict this even more.  For us, any incoming 
> connection needs access to the krb5PrincipalName attribute (since we are 
> doing GSSAPI authentication for our applications), so I have the line:
> 
> access to attr=krb5PrincipalName,member
>         by * search
> 

ok, but I believe that the information accessed by DIGEST-MD5 mechanism
is the userPassword attribute, so I don't want it to be world readable
:)

Am I wrong ?

Francois

> --Quanah
> 
> 
> --
> Quanah Gibson-Mount
> Senior Systems Administrator
> ITSS/TSS/Computing Systems
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
> 
>

Follow-Ups:
- Re: SASL / DIGEST-MD5
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

References:
- SASL / DIGEST-MD5
  - From: Francois Beretti <francois.beretti@enatel.com>
- Re: SASL / DIGEST-MD5
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: SASL / DIGEST-MD5
  - From: Francois Beretti <francois.beretti@enatel.com>
- Re: SASL / DIGEST-MD5
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Is a binary slurpd for W2K available ?
Next by Date: Re: what if slapd hangs???
Index(es):
- Chronological
- Thread