
Re: Authenticate with smartcard or other certificate



Thomas Gäbler wrote:
Hi @ all,

Is it possible to authenticate with any kind of certificate (smartcard,
software token, ...)?
Now, I have the following solution:

Using SASL/EXTERNAL binds, yes. Of course that requires that you've established a TLS session first, and that the certificate was used to establish the TLS session.

I have an additional attribute for the serialNumber of the certificate stored
in the LDAP entry.
If a user will auth with a certificate, I search for all entries where the
serial attribute matches.

For the matching entries I read the certificate from LDAP and check the public
key.
But for another implementation I need a possibility to auth directly with a
certificate.

Any idea?
Thanks for help!




*procilon IT-Solutions GmbH*

Leipziger Straße 110
04425 Taucha bei Leipzig
tel: +49 34298 4878-10
fax: +49 34298 4878-11

www.procilon.de <http://www.procilon.de>
------------------------------------------------------------------------------
Registered office: Leipziger Straße 110, 04425 Taucha bei Leipzig
Amtsgericht Leipzig (district court) HRB 18003, Managing Director Steffen Scholz
------------------------------------------------------------------------------


This e-mail may contain trade secrets or privileged, undisclosed, or otherwise
confidential information. If you have received this e-mail in error, you are
hereby notified that any review, copying, or distribution of it is strictly
prohibited. Please inform us immediately and destroy the original transmittal.
Thank you for your cooperation.

These email disclaimers are pointless on a public mailing list.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
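
The SASL/EXTERNAL bind described in the reply above, sketched with the OpenLDAP client tools as an added example that is not part of the original message. The function name, the server URI and all file paths are hypothetical, and it assumes a software certificate and key stored as PEM files rather than a smartcard.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Hypothetical names: external_whoami, the URI and every file path passed in.
#
# Server side, for reference: slapd only receives a client certificate if it
# requests one during the TLS handshake, for example in slapd.conf:
#   TLSVerifyClient demand
# Without a client certificate in the TLS session, EXTERNAL has no identity
# to bind as.

# external_whoami URI CERT KEY CACERT
# Returns 2 if a credential file is missing or unreadable,
# otherwise the exit status of ldapwhoami.
external_whoami() {
    uri=$1
    cert=$2
    key=$3
    cacert=$4

    # Fail early with a clear message instead of an opaque TLS error.
    for f in "$cert" "$key" "$cacert"; do
        if [ ! -r "$f" ]; then
            echo "missing or unreadable: $f" >&2
            return 2
        fi
    done

    # LDAPTLS_CERT / LDAPTLS_KEY : client certificate and private key
    # LDAPTLS_CACERT             : CA used to verify the server certificate
    # -ZZ                        : StartTLS, abort if it cannot be negotiated
    # -Y EXTERNAL                : take the identity from the TLS session
    LDAPTLS_CERT=$cert LDAPTLS_KEY=$key LDAPTLS_CACERT=$cacert \
        ldapwhoami -H "$uri" -ZZ -Y EXTERNAL
}
```

On success `ldapwhoami` prints the identity the server derived from the certificate, which is a quick way to confirm that the certificate, and not some other credential, was used for the bind.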