Re: tlsverifyclient security implications
- To: <manu@netbsd.org>, <openldap-software@openldap.org>
- Subject: Re: tlsverifyclient security implications
- From: <Josh.Mullis@cox.com>
- Date: Sun, 23 Aug 2009 13:29:28 -0400
..."If the client does not send a certificate, it can still connect."
Does that mean that traffic is still encrypted if a certificate is not used?
----- Original Message -----
From: Emmanuel Dreyfus <manu@netbsd.org>
To: Mullis, Josh (CCI-Atlanta); openldap-software@openldap.org <openldap-software@openldap.org>
Sent: Sun Aug 23 02:59:05 2009
Subject: Re: tlsverifyclient security implications
Josh Mullis <josh.mullis@cox.com> wrote:
> What are the security implications concerning the following setting in
> slapd.conf:
> tlsverifyclient allow
As far as I understand, if the client sends a certificate, then slapd
can use it to map client to an LDAP DN, like this:
authz-regexp cn=foo uid=foo,dc=example,dc=net
If the client does not send a certificate, it can still connect.
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org
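
Added example, not part of the thread and not OpenLDAP code: a small audit of slapd.conf text that reports what the configured TLSVerifyClient level permits, using the level semantics documented in slapd.conf(5). The directive only governs client-certificate checking; the session is TLS-protected at every level. The function names and the sample fragment are constructed for illustration.

```python
# Behaviour per slapd.conf(5):
# level -> (cert requested, missing cert ends session, bad cert ends session)
LEVELS = {
    "never":  (False, False, False),  # default when the directive is absent
    "allow":  (True, False, False),
    "try":    (True, False, True),
    "demand": (True, True, True),
}
ALIASES = {"hard": "demand", "true": "demand"}

def directives(conf_text):
    """Yield (keyword, args); a line starting with whitespace continues the previous one."""
    logical = []
    for raw in conf_text.splitlines():
        if raw[:1] in (" ", "\t") and logical:
            logical[-1] += " " + raw.strip()
        elif raw.strip():
            logical.append(raw.strip())
    for line in logical:
        if not line.startswith("#"):
            parts = line.split(None, 1)
            yield parts[0].lower(), parts[1] if len(parts) > 1 else ""

def audit(conf_text):
    """Summarise what the configured TLSVerifyClient level lets a client do."""
    level, maps_identity = "never", False
    for keyword, args in directives(conf_text):
        if keyword == "tlsverifyclient":
            value = args.strip().lower()
            level = ALIASES.get(value, value)
        elif keyword == "authz-regexp":
            maps_identity = True
    if level not in LEVELS:
        raise ValueError("unknown TLSVerifyClient level: %r" % level)
    requested, missing_fatal, bad_fatal = LEVELS[level]
    return {
        "level": level,
        "cert_requested": requested,
        "connects_without_cert": not missing_fatal,
        "bad_cert_terminates": bad_fatal,
        # authz-regexp can only map a certificate identity if one is requested
        "cert_mapping_possible": requested and maps_identity,
    }

# Constructed sample: the two directives quoted in the thread.
SAMPLE = """\
# constructed slapd.conf fragment
TLSVerifyClient allow
authz-regexp cn=foo uid=foo,dc=example,dc=net
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

With `allow`, the result shows `connects_without_cert` as true, so access controls must not assume every TLS client carries a certificate-derived identity.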