[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL/EXTERNAL with a smartcard

To: François Beretti <francois.beretti@gmail.com>
Subject: Re: SASL/EXTERNAL with a smartcard
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 17 Feb 2006 07:35:53 -0800
Cc: OpenLDAP-software@OpenLDAP.org
In-reply-to: <85d6be850602170156o2b4a862eq@mail.gmail.com>
References: <85d6be850602170156o2b4a862eq@mail.gmail.com>

At 01:56 AM 2/17/2006, François Beretti wrote:
>I know that this is quite off topic, but I am wondering how to use
>SASL/EXTERNAL authentication with a certificate stored on a smartcard.
>
>For me it is not under the entire responsibility of the ssl library,
>since the LDAP library provide the certificate file, using the
>ldap.conf rules. When using a smartcard, you don't use a certificate
>file, since everything is in the smartcard, and not in the filesystem.
>So it seems that the LDAP library is uncompatible with smartcard TLS
>authentication.
>
>Am I wrong ?
>Does someone have any link toward a way to achieve this ?

In our external I-D management for SASL, we merely ask TLS
if there is a user certificate.  We don't care whether it
came from a file or not.

Now, TLS needs access to the user certificate and generally
relies on calling routines to provide the certificate
location via a file name.  We do this through ldap.conf(5)
mechanisms.  If TLS exposes another interface for providing
user certificates, OpenLDAP could certainly be extended
to support that interface.   In which case, feel free
to code something up and/or file an ITS for a feature
enhancement.

Kurt

Follow-Ups:
- Re: SASL/EXTERNAL with a smartcard
  - From: François Beretti <francois.beretti@gmail.com>

References:
- SASL/EXTERNAL with a smartcard
  - From: François Beretti <francois.beretti@gmail.com>

Prev by Date: Re: Delete Subtree
Next by Date: Re: SASL/EXTERNAL with a smartcard
Index(es):
- Chronological
- Thread