[Date Prev][Date Next]
RE: proxy authentication
At 05:06 PM 2002-06-16, Howard Chu wrote:
>> -----Original Message-----
>> From: owner-openldap-devel@OpenLDAP.org
>> [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Kurt D. Zeilenga
>> At 04:54 PM 2002-06-16, Luke Howard wrote:
>> >>This is basically the same as passing through the SASL
>> >>bind request/responses EXCEPT the authenticating server
>> >>knows it [is] doing [it] for the middle box and hence can prepare
>> >>a response which can be relayed to the end client.
>> >In what cases would this be necessary?
>> Any mechanism with man-in-the-middle protection... e.g. DIGEST-MD5.
>No part of the DIGEST-MD5 exchange is dependent on the individual machines
>in the transaction.