[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL for PGP [Virus checked (@MLP)] [Virus checked]


The implemented schema works perfectly for all PGP applications (certification, encryption,... anything), the only thing that stops me from really substituting the PGP KeyServer with the OpenLDAP is the permission access. I sniffed the packages, however I don't get any hints of the exact denial, because if the PGP client doesn't have writing permissions it wont even bind to the LDAP server (the LDAP server response is just a success acknowledgement instead of the normal response with the basedn to bind). It is really strange. I'm trying to ask NAI what's happening because if they give the option of connecting the clients to this kind of servers they SHOULD give support for these errors.


At 21:37 10.01.2002 +0100, you wrote:

On Thursday 10 January 2002 09:59, you wrote:
> That's what I thought. Do you have any idea why these PGP clients need
> write permission throughout the whole tree, not just only the PGP Key
> branch?

Sorry, I am completely clueless.
We stopped thinking about NAI PGP with LDAP when they told us we
should find out the schema ourselves.

Have you tried using a network sniffer such as ethereal to trace the
communication between a  PGP client and the server ?
These tools show you quite detailed what requests are sent from
the client to the server. So you can see where NAI PGP needs
which kind of access and write the ACLs accordingly.

Just for my curiosity: Do you certifiy these public keys for later use or do
you simply use them as uploaded to the directory ?


Peter Marschall     |   eMail: peter.marschall@mayn.de
Scheffelstraße 15   |          peter.marschall@is-energy.de
97072 Würzburg      |   Tel:   0931/14721
PGP:  D7 FF 20 FE E6 6B 31 74  D1 10 88 E0 3C FE 28 35

Alejandra Moreno Espinar
at rete ag

mailto:alejandra.moreno@atrete.ch, http://www.atrete.ch
snail mail: Oberdorfstrasse 2, P.O. Box 674, 8024 Zurich, Switzerland
voice: +41-1-266 55 55, direct: +41-1-266 55 91, fax: +41-1-266 55 88