[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS client certificate pb

tor, 2003-03-06 kl. 09:32 skrev Dieter Kluenter:

> > SASL External is simply wire encryption (either ssl or tls). Client
> > certificates are not needed for it.
> No, here you are wrong, External is a SASL mechanism for authentication.
> Just write a saslRegexp to match your CN and you can use certificates
> to authenticate. Here ist the output of my certificate
> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.--
> ieter@marin:/usr/local/bin> ./ldapsearch -Y EXTERNAL -ZZ -b "cn=connections,cn=monitor" -s base
> SASL/EXTERNAL authentication started
> SASL username: Email=dieter@xxxxx,CN=Dieter Kluenter\2Cou=partner\2Cou=users\2Co=avci\2Cc=de,OU=ldapclient,O=avci,L=Hamburg,ST=Germany,C=DE
> -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

Thanks Dieter - I got it mixed up with SASL plain. Since then I've been
following the threads, read rfcs 2251 and 2222 etc; in fact, a couple of
days older and wiser.




Tony Earnshaw

All the world is mad, exceptin thee and me
and even thee's a little queer

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl