[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: DIGEST-MD5 returns 'user not found'

lemons_terry@emc.com wrote:
Thanks, Howard; I think I'm beginning to understand this.

So, the AUTHENTICATION piece is done by SASL using digest_md5, an
'external' connection to TLS, etc.  But the AUTHORIZATION piece is
handled by the rules defined in the access control policy section of
slapd.conf, right?

Yes, basic principles of computer security. Authentication (who are you?) is distinct from Authorization (what are you allowed to do?).


-- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/