
Re: comments on draft-ietf-ldapext-authmeth-01.txt



I think requiring the creation of an entry is too large
a burden. But there's no requirement that the DN
you specify in an authentication request actually
corresponds to an entry in the tree. I'm just suggesting
that there may be defined algorithmic mappings from
an external auth id scheme (e.g., principal@realm in
Kerberos) to a DN (e.g., krbname=principal@realm).
            -- Tim

Jeff.Hodges@stanford.edu wrote:

> Just to test my understanding..
>
> >  Explicitly state in the document
> > that other schemes can easily be encapsulated in the DN
> > syntax.
>
> By this I presume you're alluding to something akin to..
>
>   One may provide for mapping authorization (authz) identities which are
> expressed in syntactic forms *other* than DNs, by creating entries for the
> appropriate entities and providing the DN-to-foreign-authz-id mapping in those
> entries, per the recommendations in Section X.X of [docRefHere].
>
> ?
>
> thanks,
>
> Jeff
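
The algorithmic mapping described in the message above, as an added example that is not part of the original thread. It assumes the krbname attribute from the message and the current LDAP DN string escaping rules (RFC 4514); the function names are hypothetical. Escaping keeps a `,` or `+` inside the external id from turning into extra RDNs in the resulting DN.

```python
import string

SPECIALS = '"+,;<>\\'  # must be backslash-escaped inside an RDN value (RFC 4514)


def escape_value(value: str) -> str:
    """Escape a string for use as a single RDN attribute value."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in SPECIALS or (i == 0 and ch in " #") \
                or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def authid_to_dn(auth_id: str, attr: str = "krbname") -> str:
    """principal@realm -> krbname=principal@realm (no directory entry needed)."""
    principal, sep, realm = auth_id.rpartition("@")
    if not sep or not principal or not realm:
        raise ValueError("expected principal@realm")
    return f"{attr}={escape_value(auth_id)}"


def dn_to_authid(dn: str, attr: str = "krbname") -> str:
    """Inverse mapping; rejects DNs with more than one RDN or another attribute."""
    name, sep, rest = dn.partition("=")
    if not sep or name.lower() != attr:
        raise ValueError("not a mapped DN")
    out, i = bytearray(), 0
    while i < len(rest):
        ch, pair = rest[i], rest[i + 1:i + 3]
        if ch == "\\":
            if len(pair) == 2 and all(c in string.hexdigits for c in pair):
                out.append(int(pair, 16))          # hex-pair escape, e.g. \00
                i += 3
            elif pair:
                out += pair[0].encode("utf-8")     # single-character escape
                i += 2
            else:
                raise ValueError("dangling backslash")
        elif ch in ",+;":
            raise ValueError("unescaped separator: more than one RDN or AVA")
        else:
            out += ch.encode("utf-8")
            i += 1
    return out.decode("utf-8")
```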