[Date Prev][Date Next] [Chronological] [Thread] [Top]

Authentication of both proxy and client

To: openldap-software@OpenLDAP.org
Subject: Authentication of both proxy and client
From: Stig Venaas <Stig.Venaas@uninett.no>
Date: Mon, 22 Oct 2001 11:13:35 +0200
Content-disposition: inline
User-agent: Mutt/1.2.5i

I would like users to access a resource by supplying username and
password, and have the resource use LDAP for user authentication.
I would like the resource to be authenticated first, and then I
would like the resource to hand username/password to the LDAP
server, thus delegating the user authentication to the LDAP server.

If I understand SASL correctly, it won't do user authentication,
only authorization. What I would like I think, is for the resource/
proxy to use TLS with certificate authentication, and then have the
resource bind on behalf of the user with the username/password the
user supplied. This is possible to do today; the only thing I miss,
is a way to refer to attributes and values in the client certificate
in ACLs. That might be useful in other situations as well, or?

Does this make any sense, or should I consider a completely diffe-
rent solution? I suppose some would say that I should have the
resource retrieve encrypted passwords (or other data) from the LDAP
server, and validate the credentials on its own.

Stig

Follow-Ups:
- Re: Authentication of both proxy and client
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: OpenLDAP on cygwin....again
Next by Date: "<" and generalizedTimeMatch
Index(es):
- Chronological
- Thread