[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authentication Methods for LDAP - last call

To: Paul Leach <paulle@microsoft.com>
Subject: Re: Authentication Methods for LDAP - last call
From: Tim Howes <howes@netscape.com>
Date: Thu, 20 Aug 1998 13:44:51 -0700
Cc: 'Chris Newman' <Chris.Newman@INNOSOFT.COM>, IETF LDAP Extensions WG <ietf-ldapext@netscape.com>
References: <CB6657D3A5E0D111A97700805FFE65875D750B@RED-MSG-51>
Resent-date: Thu, 20 Aug 1998 13:44:21 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"gfdg41.0.lE5.Yg8tr"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

Paul Leach wrote:
> 
> It won't help. Even if there were only one ACL per system (extremely
> unlikely), you can never get to all the systems to change it, because _any
> system in the world_ could have an ACL with the user's DN on it.

The statement that "It won't help" is just not true.
Perhaps you mean "It won't completely solve the problem".
That is certainly true. But it does help. In fact, it
helps quite a lot.

> Complete, up-to-date, knowledge in a distributed system is impossible.

This is a true statement. But you seem to imply that
the logical consequence of this is that complete, utter,
unmitigated chaos must reign. That's not true, except
perhaps in some computer science sense that is less than
interesting to anybody using the technology.
            -- Tim

References:
- RE: Authentication Methods for LDAP - last call
  - From: Paul Leach <paulle@microsoft.com>

Prev by Date: Re: Authentication Methods for LDAP - last call
Next by Date: RE: Authentication Methods for LDAP - last call
Index(es):
- Chronological
- Thread