[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: [authmeth] effect of StartTLS on authentication state
Kurt D. Zeilenga writes:
> I still believe the server is free to return strongAuthRequired at any
> time it considers the in force association to be inappropriate for the
> requested operation.
I don't think so. 5.2.1 says:
Upon establishment of the TLS session onto the LDAP association, any
previously established authentication and authorization identities
MUST remain in force
> Hence, the server may, in effect, move the association to anonymous
> after StartTLS.
I think it _should_ be allowed to, yes.
--
Hallvard