[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Authmeth/DIGEST-MD5

To: "'Kurt D. Zeilenga'" <Kurt@OpenLDAP.Org>
Subject: RE: Authmeth/DIGEST-MD5
From: "Paul Leach (Exchange)" <paulle@Exchange.Microsoft.com>
Date: Mon, 26 Jul 1999 16:57:53 -0700
Cc: RL 'Bob' Morgan <rlmorgan@cac.washington.edu>, ietf-ldapext@netscape.com
Resent-date: Mon, 26 Jul 1999 17:01:10 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"-5vSlB.A.CgD.-aPn3"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com


> -----Original Message-----
> From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.Org]
> Sent: Monday, July 26, 1999 11:02 AM
> >
> >Why is it useful to have many realms in a DIT? In fact, what 
> do realms have
> >to do with DITs at all?
> 
> The DITs don't.  My point is that a server may be able to authenticate
> over a large set of realms but that only a small subset of realms
> are relevant to any specific user which might be authenticated.

As a hypothetical scenario, I understand that.

However, I don't see any compelling reason why a single server should need
to be so configured. Especially since it creates the problems you mentioned.
In your hosting scenario, all the hosted parties have to trust whoever runs
the server, so they can just put all the user accounts into one realm for
the server. (They can still be separately administered.)

Paul

Prev by Date: HOT STOCK PICK (adv.)
Next by Date: Re: Named Referrals Questions.
Index(es):
- Chronological
- Thread