
Re: biometric authentication



Howard Chu wrote, On 2011-11-14 16:15:
Chris Lee wrote:
Dear all,

I am a newbie to OpenLDAP.

I would like to know whether OpenLDAP can interface with other
authentication methods, for example fingerprint authentication.

OpenLDAP relies on SASL for pluggable authentication mechanisms. Since
SASL is extensible, new mechs should just be implemented there (which
thus allows them to be used by any other applications that are also
SASL-enabled, such as IMAP servers or whatever...)

On 14/11/11 18:19 +0800, Chris Lee wrote:
Dear Howard,

If the fingerprint authentication provides an API, can it be invoked from
OpenLDAP, and how?

Thanks in advance for all your help.

You could implement a new SASL (RFC 4422) mechanism by creating a new
shared library within the Cyrus SASL code, which would then be usable via
slapd, and any other software which links against Cyrus.

For Cyrus SASL developer documentation, see:

http://www.cyrussasl.org/docs/cyrus-sasl/2.1.25/plugprog.php
http://www.cyrussasl.org/docs/cyrus-sasl/2.1.25/programming.php

The implementation would not require any changes to the OpenLDAP code. It
would be invoked by specifying the new mechanism - e.g. via the '-Y' option
when using the OpenLDAP client utilities.

You can direct any additional questions to the cyrus-sasl mailing list at:

http://www.cyrussasl.org/mediawiki/index.php/Cyrus_Mailing_Lists

--
Dan White