
Re: storing ldap passwords on HSM



On Mon, 8 Dec 2014 08:13:25 +0000,
"lux-integ" <lux-integ@btconnect.com> wrote:

> Greetings,
> 
> I have been searching webpages for guidance on using a smartcard
> (also known as an HSM) for storing passwords for an ldap database
> on a linux system.
> 
> This would include for instance how would the userPassword
> (attribute) be specified - i.e. how to specify the
> userPassword to read the PIN/SO-PIN/PUK{whatever} of the
> HSM/smart-card etc etc ??
> 
> Any guidance would be much appreciated.

RFC-4513 describes LDAP Authentication Methods. I don't know much about
HSM/smartcards, but if the provided key is an X.509 certificate, then it
would be simple. RFC-4422 describes SASL; if your smartcard provider is
complying with this RFC, then it could be realised.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E