[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Fwd: Re: result code for a deleted identity on a connection
I also favor leaving this to the Security Considerations section.
I was trying to remember how operating systems I have worked on handle
this. Unfortunately, the number of times I have been in a position to even
try the experiment is close to zero. But I suspect this is handled in
different ways. I know that at least one operating system does not allow
deleting a user while there are jobs running under that user; the
administrator must first boot the user off the system (probably disabling
the account first). And I think this discussion was in the context of
AuthMeth which addresses authentication methods where the server may not be
(probably isn't) the authentication authority. For a server to be aware of
events like deletion of an account in a Kerberos realm or revocation of
certificates (outside of the authentication process) is asking a lot.
John McMeeking
Michael Ströder
<michael@stroeder.co To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
m> cc: Jim Sermersheim <jimse@novell.com>, ietf-ldapbis@OpenLDAP.org
Sent by: Subject: Re: Fwd: Re: result code for a deleted identity on a connection
owner-ietf-ldapbis@O
penLDAP.org
07/29/2003 03:06 AM
Kurt D. Zeilenga wrote:
> My personal view on this thread is that issues of authentication
> and access control are a local matter and we should limit any
> additional text here to the Security Considerations section(s).
+1
Ciao, Michael.