[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [authmeth] effect of StartTLS on authentication state

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: [authmeth] effect of StartTLS on authentication state
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Thu, 3 Jul 2003 15:47:53 +0200
Cc: "Roger Harrison" <RHARRISON@novell.com>, ietf-ldapbis@OpenLDAP.org
In-reply-to: <5.2.0.9.0.20030701192833.01da9220@127.0.0.1>
References: <sf01cca0.066@prv-mail20.provo.novell.com> <5.2.0.9.0.20030701171553.01da9e50@127.0.0.1> <5.2.0.9.0.20030701192833.01da9220@127.0.0.1>

Kurt D. Zeilenga writes:

> I still believe the server is free to return strongAuthRequired at any
> time it considers the in force association to be inappropriate for the
> requested operation.

I don't think so.  5.2.1 says:
    
   Upon establishment of the TLS session onto the LDAP association, any 
   previously established authentication and authorization identities 
   MUST remain in force

> Hence, the server may, in effect, move the association to anonymous
> after StartTLS.

I think it _should_ be allowed to, yes.

-- 
Hallvard

Follow-Ups:
- Re: [authmeth] effect of StartTLS on authentication state
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- [authmeth] effect of StartTLS on authentication state
  - From: "Roger Harrison" <RHARRISON@novell.com>
- Re: [authmeth] effect of StartTLS on authentication state
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: [authmeth] effect of StartTLS on authentication state
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: [authmeth] effect of StartTLS on authentication state
Next by Date: Re: [authmeth] effect of StartTLS on authentication state
Index(es):
- Chronological
- Thread