[Date Prev][Date Next] [Chronological] [Thread] [Top]

TLS and client certificates

Section 7.1 of RFC 2829 mentions the use of client certificates to authernicate users.
Specially where the client signs its own certificate with its private key. Perhap requesting a passphrase when this occurs.

Does OpenLdap 2.0.7 support or plan to support this?

Is the Servers own Certificate used as a Trusted CA
Can other CA's be used?
What is its relationship to SASL "EXTERNAL".

Am I correct that SASL "PLAIN" and ANONYMOUS" are not used in Openldap (as per 8.0 of RFC2829).
ie DIGEST-MD5,CRAM-MD5,KERBROSE and EXTERNAL are the only options for SASL Mechanism
Openldap can not authernicate via PAM correct. 
Is the SASL library used to hash userPassword?

If I want to use SASL DIGEST-MD5 how do I choose SASL realm and SASL host?