[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL External Clarification

At 02:28 AM 3/12/2003, Francois Beretti wrote:
>but according to my ACLs, a user who doesn't exist in the directory
>shouldn't be able to bind to it...


>Dieter said that I was doing an anonymous bind (I haven't yet these
>Now anonymous bind should be forbidden
>Am I wrong ?


A "by anonymous auth" clause statement says:
        "An anonymous client can access the target directory
       information for authentication purposes."

Since the credentials are not held in the directory, there
client doesn't not need access to the directory to

Examples of credentials not held in the directory include
"rootpw", sasldb, Kerberos tickets, AF_UNIX peer eid, and
PKI certificates.