
RE: testing ldaps:// w/ client certificates

At 06:50 PM 2001-09-17, Howard Chu wrote:
>> -----Original Message-----
>> From: owner-openldap-devel@OpenLDAP.org
>> [mailto:owner-openldap-devel@OpenLDAP.org] On Behalf Of Howard Chu
>> There are some client issues with SASL/EXTERNAL, the SASL library doesn't
>> seem to think that EXTERNAL is a sufficiently secure mechanism with the
>> default secprops.
>> I think if the connection has TLS then we should be doing something with
>> the secprops to tell Cyrus that EXTERNAL is acceptable.
>Just to elaborate on this: slapd sets its default required properties as
>(slapd/sasl.c, slap_sasl_init, line 417)
>My Cyrus SASL library has the flags for the EXTERNAL mechanism set to

ldap_int_sasl_external() should do the right thing...