
RE: draft minutes from Chicago meeting



Paul,

But the issue is different for most of these servers.  In most cases
(except for the web server, of course) the client won't need to contact
several servers.  Since we do not have chaining in stand-alone LDAP
servers, referrals are the only way to get hold of information stored in
other LDAP servers and the client will need to authenticate with all of
them the same way.

Cheers,                  ....Erik.

----------------------------------------------
Erik Skovgaard
GeoTrain Corp.
Enterprise Directory Consulting and Training
http://www.geotrain.com

At 15:29 03/10/98 -0700, Paul Leach wrote:
>
>
>> -----Original Message-----
>> From: Phil Pinkerton [mailto:phil%jade@wg.icl.co.uk]
>> Sent: Friday, October 02, 1998 6:35 AM
>> To: ietf-ldapext@netscape.com; Erik Skovgaard
>> Subject: Re: draft minutes from Chicago meeting
>> 
>> .  If you are proposing TLS client authentication using certificates to
>> validate a client then I can see how this would work and get around your
>> distribution issues, but this is heavy to mandate when 90% (my guess) of
>> the LDAP directory deployments out there are probably single-server.
>
>Maybe they only have one LDAP server, but they also have mail, web, FTP,
>news, and other servers. That's why it's important to use a mechanism that
>supports all those protocols, and that allows a third party authentication
>service, so each application server doesn't have to be configured with its
>own copy of the authentication database -- a truly bad thing from a security
>standpoint.
>
>Paul
>
>
>