Re: SSL certificate auth without SASL (ITS#3286)
>Full_Name: Donn Cave
>Version: HEAD (Aug 17)
>Submission from: (NULL) (126.96.36.199)
>Allow simple bind with no password, bind DN == SSL certificate DN.
I had a patch for this 'way back in OpenLDAP 2.0 but I abandoned it.
There is no standard specification (e.g. RFC) for this behavior, and we
really need to have that before a feature like this can be incorporated.
Why can't you just use SASL/EXTERNAL? Alternatively, you can publish an
RFC defining exactly how this feature should be (a) advertised by
servers to clients and (b) used.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support