Re: ACL for PGP [Virus checked (@MLP)] [Virus checked]
The implemented schema works perfectly for all PGP applications
(certification, encryption,... anything), the only thing that stops me
from really substituting the PGP KeyServer with the OpenLDAP is the
permission access. I sniffed the packages, however I don't get any hints
of the exact denial, because if the PGP client doesn't have writing
permissions it won't even bind to the LDAP server (the LDAP server
response is just a success acknowledgement instead of the normal response
with the basedn to bind). It is really strange. I'm trying to ask NAI
what's happening because if they give the option of connecting the
clients to this kind of server they SHOULD give support for these
At 21:37 10.01.2002 +0100, you wrote:
On Thursday 10 January 2002 09:59, you wrote:
> That's what I thought. Do you have any idea why these PGP clients
> write permission throughout the whole tree, not just only the PGP
Sorry, I am completely clueless.
We stopped thinking about NAI PGP with LDAP when they told us we
should find out the schema ourselves.
Have you tried using a network sniffer such as ethereal to trace the
communication between a PGP client and the server?
These tools show you in quite some detail what requests are sent from
the client to the server. So you can see where NAI PGP needs
which kind of access and write the ACLs accordingly.
Just for my curiosity: Do you certify these public keys for later use or
you simply use them as uploaded to the directory?
Peter Marschall | eMail:
97072 Würzburg |
PGP: D7 FF 20 FE E6 6B 31 74 D1 10 88 E0 3C FE 28
Alejandra Moreno Espinar
at rete ag
snail mail: Oberdorfstrasse 2, P.O.
Box 674, 8024 Zurich, Switzerland
voice: +41-1-266 55 55, direct: +41-1-266 55 91, fax: +41-1-266 55 88
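
The trace analysis suggested in the thread, as an added example that is not part of the original messages: a minimal BER walker that lists each LDAP operation in a reassembled cleartext TCP payload, marks the ones that need write access, and shows the resultCode of each response. The function names and the sample bytes are constructed for illustration; they are not taken from NAI PGP traffic.

```python
# LDAP protocolOp tags (RFC 4511) -> (name, whether the operation writes)
OPS = {
    0x60: ("BindRequest", False), 0x61: ("BindResponse", False),
    0x42: ("UnbindRequest", False), 0x63: ("SearchRequest", False),
    0x64: ("SearchResultEntry", False), 0x65: ("SearchResultDone", False),
    0x66: ("ModifyRequest", True), 0x67: ("ModifyResponse", False),
    0x68: ("AddRequest", True), 0x69: ("AddResponse", False),
    0x4A: ("DelRequest", True), 0x6B: ("DelResponse", False),
    0x6C: ("ModifyDNRequest", True), 0x6D: ("ModifyDNResponse", False),
    0x6E: ("CompareRequest", False), 0x6F: ("CompareResponse", False),
}
RESULT_TAGS = {0x61, 0x65, 0x67, 0x69, 0x6B, 0x6D, 0x6F}  # ops carrying an LDAPResult

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER content")
    return tag, buf[pos:pos + length], pos + length

def summarize(stream):
    """Return (messageID, op, writes, resultCode or None) for each LDAPMessage."""
    out, pos = [], 0
    while pos < len(stream):
        tag, msg, pos = read_tlv(stream, pos)
        if tag != 0x30:
            raise ValueError("expected LDAPMessage SEQUENCE")
        _, mid, p = read_tlv(msg, 0)    # messageID INTEGER
        op, body, _ = read_tlv(msg, p)  # protocolOp (application tag)
        name, writes = OPS.get(op, ("op 0x%02x" % op, False))
        code = None
        if op in RESULT_TAGS:           # LDAPResult begins with resultCode ENUMERATED
            code = int.from_bytes(read_tlv(body, 0)[1], "big")
        out.append((int.from_bytes(mid, "big"), name, writes, code))
    return out

# Constructed bytes, not a capture from a real PGP client: anonymous bind that
# succeeds, then an add refused with resultCode 50 (insufficientAccessRights).
SAMPLE = bytes.fromhex("300c020101600702010304008000" "300c02010161070a010004000400"
                       "300d02010268080404636e3d6b3000" "300c02010269070a013204000400")
```

Operations flagged as writes that come back with resultCode 50 are the ones the ACLs have to allow; the entry DN inside those requests shows which part of the tree is involved.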