
Re: ACL for PGP [Virus checked (@MLP)] [Virus checked]


On Friday 11 January 2002 10:48, you wrote:
> The implemented schema works perfectly for all PGP applications
> (certification, encryption,... anything), the only thing that stops me from
> really substituting the PGP KeyServer with the OpenLDAP is the permission
> access. I sniffed the packages, however I don't get any hints of the exact
> denial, because if the PGP client doesn't have writing permissions it won't
> even bind to the LDAP server (the LDAP server response is just a success
> acknowledgement instead of the normal response with the basedn to bind). It
> is really strange. I'm trying to ask NAI what's happening because if they
> give the option of connecting the clients to this kind of servers they
> SHOULD give support for these errors.

If you trace the connections you should be able to find out to which
objects the PGP client wants to have which kind of access (search,
read, write, ...).
This information should be sufficient to build more restrictive ACLs
than you have now.


Peter Marschall     |   eMail: peter.marschall@mayn.de
Scheffelstraße 15   |          peter.marschall@is-energy.de
97072 Würzburg      |   Tel:   0931/14721
PGP:  D7 FF 20 FE E6 6B 31 74  D1 10 88 E0 3C FE 28 35
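
One way to turn such a trace into ACL input, as an added example that is not part of the original message: the script reads slapd operation log lines and reports, per bind identity, the strongest access level requested on each DN, plus any operation refused with err=50 (insufficientAccess). It assumes stats-level slapd logging in the usual `conn=N op=M ...` form; the log lines and DNs are constructed.

```python
import re
from collections import defaultdict

LEVELS = ["auth", "compare", "search", "read", "write"]  # weakest to strongest
# Operation keyword in a slapd log line -> access level the operation needs.
OP_LEVEL = {"BIND": "auth", "CMP": "compare", "SRCH": "read", "ADD": "write",
            "MOD": "write", "DEL": "write", "MODRDN": "write"}
REQ = re.compile(r'conn=(\d+) op=(\d+) (BIND|CMP|SRCH|ADD|MODRDN|MOD|DEL) '
                 r'(?:dn|base)="([^"]*)"')
RES = re.compile(r'conn=(\d+) op=(\d+) RESULT .*\berr=(\d+)')

def required_access(lines):
    """Return ({who: {target_dn: level}}, [(who, op, target_dn) refused with err=50])."""
    who, pending, denied = {}, {}, []
    need = defaultdict(dict)
    for line in lines:
        req, res = REQ.search(line), RES.search(line)
        if req:
            conn, op, kind, dn = req.groups()
            dn = dn.lower()
            # A simple bind is evaluated before the connection has an identity.
            subject = "anonymous" if kind == "BIND" else who.get(conn, "anonymous")
            pending[conn, op] = (kind, subject, dn)
            if kind != "BIND" or dn:  # an anonymous bind touches no entry
                old = need[subject].get(dn, "auth")
                need[subject][dn] = max(old, OP_LEVEL[kind], key=LEVELS.index)
        elif res and (res.group(1), res.group(2)) in pending:
            kind, subject, dn = pending.pop((res.group(1), res.group(2)))
            err = int(res.group(3))
            if kind == "BIND" and err == 0:
                who[res.group(1)] = dn or "anonymous"
            if err == 50:  # LDAP insufficientAccess
                denied.append((subject, kind, dn))
    return {k: dict(v) for k, v in need.items()}, denied

# Constructed sample trace (not taken from a real server).
SAMPLE = '''\
slapd[412]: conn=7 op=0 BIND dn="" method=128
slapd[412]: conn=7 op=0 RESULT tag=97 err=0 text=
slapd[412]: conn=7 op=1 SRCH base="ou=keys,dc=example,dc=com" scope=2 filter="(objectClass=*)"
slapd[412]: conn=7 op=1 RESULT tag=101 err=0 text=
slapd[412]: conn=7 op=2 ADD dn="cn=testkey,ou=keys,dc=example,dc=com"
slapd[412]: conn=7 op=2 RESULT tag=105 err=50 text=
'''.splitlines()

if __name__ == "__main__":
    need, denied = required_access(SAMPLE)
    for subject, targets in need.items():
        for dn, level in targets.items():
            print(f"{subject} needs {level} on {dn}")
    for subject, kind, dn in denied:
        print(f"DENIED: {kind} by {subject} on {dn}")
```

The refused ADD in the sample is the kind of line that identifies which entry needs write access, so the ACL can grant it there and nowhere else.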