
Re: TLS-based authentication?



* Greg Matthews (gmatt@nerc.ac.uk) wrote:
> TLS is a method of negotiating encryption and not an authentication
> method. Therefore you can use simple authentication with TLS transport
> for secure connections or if you're really going to push the boat out
> have a play with SASL and TLS.

Ah, you can do TLS auth using certificates and SASL EXTERNAL.  The
question was if anyone was doing it.  I've received one response so far
indicating they were using it, or working on setting it up.

> Also, I'm pretty sure that TLS comes with OpenSSL so it's not a separate
> package.

Using OpenSSL isn't an option due to its licensing.  It is
incompatible with GPL'd programs which is why we are working to add
support for GNU TLS to OpenLDAP, as an option to use instead of OpenSSL.

	Thanks,

		Stephen
