[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: authmeth: unsupported <TLS+anonymous bind>

To: ietf-ldapbis@OpenLDAP.org
Subject: Re: authmeth: unsupported <TLS+anonymous bind>
From: John McMeeking <jmcmeek@us.ibm.com>
Date: Mon, 16 Feb 2004 08:52:29 -0600
In-reply-to: <s0302616.063@prv-mail20.provo.novell.com>




That sounds fine.

John  McMeeking


"Roger Harrison" <RHARRISON@novell.com> wrote on 02/16/2004 03:08:03 AM:

> For authmeth -10, the single, consolidated section on anonymous
> authentication now states that LDAP implementations MUST support
> anonymous authentication with no other qualifications. The fact that
> Start TLS is a required-to-implement operation implies that
> implementations MUST support anonymous authentication when TLS is
established.
>
> Roger
>
> >>> Hallvard B Furuseth <h.b.furuseth@usit.uio.no> 1/3/2004 7:34:17 AM
>>>
> authmeth-09 says:
>
> > 5. Anonymous Authentication
>
> > LDAP implementations MUST support anonymous authentication, as
> > defined in section 5.1.
> >
> > LDAP implementations MAY support anonymous authentication with TLS,
> > as defined in section 5.2.
>
> Huh? Why allow implementations to not support anonymous
> authentication on secure connections, but support it on insecure
> ones? I could understand it if it was the other way around - along
> with not implementing Simple Bind at all without TLS.
>
> --
> Hallvard

References:
- Re: authmeth: unsupported <TLS+anonymous bind>
  - From: "Roger Harrison" <RHARRISON@novell.com>

Prev by Date: Re: authmeth-07 issues
Next by Date: Re: authmeth: missing protection
Index(es):
- Chronological
- Thread