RE: Beginning taxonomy for finding LDAP servers.
Date forwarded: Sun, 9 May 1999 16:55:29 -0700 (PDT)
From: Alan Lloyd <Alan.Lloyd@OpenDirectory.com.au>
To: "'d.w.chadwick@iti.salford.ac.uk'" <d.w.chadwick@iti.salford.ac.uk>,
Ryan Moats <jayhawk@att.com>, ietf-ldapext@netscape.com
Subject: RE: Beginning taxonomy for finding LDAP servers.
Date sent: Mon, 10 May 1999 09:55:20 +1000
Forwarded by: ietf-ldapext@netscape.com
> David - But what about distributed authentication and common access
> control?
> As this will only work as read only - public LDAP servers. It makes all
> the security effort with LDAP wasted - as well. regards alan
You are correct that this will not work with password based
authentication unless each user's password is replicated in each
LDAP server - clearly not scalable or manageable. It will work
though for public read only directories, or for private corporate
directories that allow unauthenticated Binds to retrieve the public bits
of their private directory. It will also work for public key
authentication if directories allow unauthenticated access to retrieve
CRLs, and users send their certificates on the Bind.
David
>
***************************************************
David Chadwick
IT Institute, University of Salford, Salford M5 4WT
Tel +44 161 295 5351 Fax +44 161 745 8169
*NEW* Mobile +44 790 167 0359 *NEW*
Email D.W.Chadwick@iti.salford.ac.uk
Home Page http://www.salford.ac.uk/its024/chadwick.htm
Understanding X.500 http://www.salford.ac.uk/its024/X500.htm
X.500/LDAP Seminars http://www.salford.ac.uk/its024/seminars.htm
Entrust key validation string MLJ9-DU5T-HV8J
***************************************************