[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Slave/Replica server authentication/authorization question

--On Thursday, February 26, 2004 9:47 AM -0600 "Aaron M. Hirsch" <Aaron.Hirsch@atosorigin.com> wrote:

Hash: SHA1

~From my understanding the following rules should allow for users to
authenticate as themselves or anonymously:

access to attrs=userPassword
~    by self write
~    by anonymous auth

and the following allows anonymous queries of the database:

access to *
~    by * read

I think you misunderstand what "auth" means. I think you need "compare" for your anonymous line at a minimum, otherwise there is no access to the userpassword entry that the incoming connection can use to determine if the password supplied is correct or not.

Please see:



Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html