[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS-based authentication?

* Greg Matthews (gmatt@nerc.ac.uk) wrote:
> TLS is a method of negotiating encryption and not an authentication
> method. Therefore you can use simple authentication with TLS transport
> for secure connections or if you're really going to push the boat out
> have a play with sasl and TLS.

Ah, you can do TLS auth using certificates and sasl external.  The
question was if anyone was doing it.  I've received one response so far
indicating they were using it, or working on setting it up.

> Also, I'm pretty sure that TLS comes with Openssl so its not a seperate
> package.

Using Openssl isn't an option due to it's licenseing.  It is
incompatible with GPL'd programs which is why we are working to add
support for GNU TLS to OpenLDAP, as an option to use instead of OpenSSL.



Attachment: pgpteaDcDe3no.pgp
Description: PGP signature