
Re: FW: Question about restrictions on username in SASL authorization



> Howard Chu wrote:
> 
> Kurt still has a valid point that we can
> get into trouble making assumptions about
> externally obtained identifiers,

And he's perfectly right with that.

> but it strikes me that most
> people who will want to use this feature are
> already setting up their own CAs and are already generating
> certificate DNs in parallel with their LDAP
> DN hierarchy. Opinions, anyone?

Up to now even people who do propose matching certificate and LDAP
DIT did not manage to build up a matching DN tree and keep it that
way stable. Period. (Besides issues with strange unstructured DNs
like in my Thawte cert, see signature).

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature