
Re: ACL for PGP [Virus checked (@MLP)] [Virus checked]



Hi!

Really, if there are no write permissions the PGP client doesn't even bind to the server, so I can't see which objects it tries to search for.


At 11:33 13.01.2002 +0100, you wrote:
Hi,

On Friday 11 January 2002 10:48, you wrote:
> The implemented schema works perfectly for all PGP applications
> (certification, encryption,... anything), the only thing that stops me from
> really substituting the PGP KeyServer with the OpenLDAP is the permission
> access. I sniffed the packages, however I don't get any hints of the exact
> denial, because if the PGP client doesn't have writing permissions it won't
> even bind to the LDAP server (the LDAP server response is just a success
> acknowledgement instead of the normal response with the basedn to bind). It
> is really strange. I'm trying to ask NAI what's happening because if they
> give the option of connecting the clients to this kind of servers they
> SHOULD give support for these errors.

If you trace the connections you should be able to find out to which
objects the PGP client wants to have which kind of access (search,
read, write, ...).
This information should be sufficient to build more restrictive ACLs
than you have now.

Yours
Peter

--
Peter Marschall     |   eMail: peter.marschall@mayn.de
Scheffelstraße 15   |          peter.marschall@is-energy.de
97072 Würzburg      |   Tel:   0931/14721
PGP:  D7 FF 20 FE E6 6B 31 74  D1 10 88 E0 3C FE 28 35

______________________________________________________________________
Alejandra Moreno Espinar
at rete ag

mailto:alejandra.moreno@atrete.ch, http://www.atrete.ch
snail mail: Oberdorfstrasse 2, P.O. Box 674, 8024 Zurich, Switzerland
voice: +41-1-266 55 55, direct: +41-1-266 55 91, fax: +41-1-266 55 88
_____________________________________________________________________