[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL, TLS & Client Certificates

To: "'openldap-software@openldap.org'" <openldap-software@OpenLDAP.org>
Subject: SASL, TLS & Client Certificates
From: "STEWARD, Curtis (Jamestown)" <Curtis.Steward@trw.com>
Date: Wed, 23 Oct 2002 08:16:43 -0400

Title: SASL, TLS & Client Certificates

I'm looking for the best way to lay in a PKI infrastructure for client
certificates on top of LDAP, EXCLUDING Kerberos. The Admin Guide-Using
TLS, FAQ's , http://www.bayour.com/LDAPv3-HOWTO.html,
(is Kerberos centric) have been my main sources. It seems to me
SASL EXTERNAL should give me what I need.I've gotten this far:

Testing simple/anonymous bind
GSSAPI,DIGEST-MD5, & CRAM-MD5

Testing simple/anonymous bind w/SSL/TLS
Both SSL & TLS responds w/PLAIN,LOGIN in addition to above

Testing simple/user bind w/SSL/TLS
Can't pass through the LDAP/PEM prompts

Am I missing something here or is there a better alternative to
SASL? I've been unable to find anything with good SASL EXTERNAL,
cert storage, authentication, steps and example where the cert is
driving all authentication out of LDAP.

Curtis

Follow-Ups:
- RE: SASL, TLS & Client Certificates
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: slapd's log
Next by Date: Slurp log file
Index(es):
- Chronological
- Thread