[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL/EXTERNAL - why/how?

I got SASL/EXTERNAL working last week. No big deal. 

But when it finally work every time, and I understood
exactly WHAT I was doing, I started thinking...

Why would anyone use this? Sure, managing the LDAP database,
but what else? That work isn't THAT complicated and/or takes
that long...

>From what I could gather, nothing else accepts a SSL certificate
as authentication method, so other than the LDAP connection, the
authentication mechanism is 'useless'... What did I miss?

Another thing I was starting to wonder was how it actually worked.
This is what I managed to find about the mechanism:

1. Client and server negotiate cipher suite with encryption algorithm 
2. Server requests client certificate 
3. Client sends certificate and performs a private key based
   encryption to prove its possession 
4. Server checks validity of certificate and its CA

But that looks a little bleak. Is there nothing more?