[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: client authentication using TLS/SASL (ITS#865)

At 07:54 PM 11/1/00 +0000, Olaf Schlüter wrote:
>There seems also some work remaining on the server side. Following your 
>hint, I fixed cyrus.c to set a authid.

I have changes in HEAD which should fix the client side.
Please test.

As far as the 2.0 server goes, slapd doesn't support SASL proxying.
You should not specify an authorization identity.  That is, don't
use -X.  slapd will derive an authorization identity from the
TLS authentication identity.  It likely will be quite ugly,
but would should be able to specify ACL which grant desired

There is experimental proxying support in HEAD as well as
identity mapping features.  See devel list archives for details.