[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: proxy authentication

At 05:36 PM 2002-06-16, Howard Chu wrote:
>> -----Original Message-----
>> From: owner-openldap-devel@OpenLDAP.org
>> [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Kurt D. Zeilenga
>> This is basically the same as passing through the SASL
>> bind request/responses EXCEPT the authenticating server
>> knows it doing for the middle box and hence can prepare
>> a response which can be relayed to the end client.
>> (This could be done with bind+controls instead of an exop).
>Yes, this will work.

It may work even with mechanisms which have MITM and like
features (digest-uri) if the middlebox and authenticating
server cooperate.  That's what the controls are for, to
pass information about the middlebox to the authenticating
server so it can create responses to which the end client
will accept.