[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: proxy authentication

To: openldap-devel@OpenLDAP.org
Subject: Re: proxy authentication
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Sun, 16 Jun 2002 16:42:05 -0700
In-reply-to: <5.1.0.14.0.20020616161714.0248c830@127.0.0.1>

This is basically the same as passing through the SASL
bind request/responses EXCEPT the authenticating server
knows it doing for the middle box and hence can prepare
a response which can be relayed to the end client.

(This could be done with bind+controls instead of an exop).

Kurt

At 04:20 PM 2002-06-16, Kurt D. Zeilenga wrote:
>another approach would be to have an extended operation
>which would an application server could use to proxy the
>SASL exchanges.  That is, an exop whose request data
>was the SASL request data provided to application server
>(from the application client) and whose response data
>was the SASL response data to be provided to the
>application client.  The exop could also carry, on
>the last exchange response, the authentication and
>authorization identity established.
>
>Kurt

Follow-Ups:
- RE: proxy authentication
  - From: "Howard Chu" <hyc@highlandsun.com>

References:
- proxy authentication
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: proxy authentication
Next by Date: Re: proxy authentication
Index(es):
- Chronological
- Thread