[Date Prev][Date Next] [Chronological] [Thread] [Top]

Fwd: Re: authmeth: unsupported <TLS+anonymous bind>



In thinking about this, perhaps I've over-stepped my authority as an ID editor on this one. The original way implied that it was optional to support anonymous authentication when TLS was established, but now this isn't the case. I'd appreciate some advice here.
 
Thanks,
 
Roger

>>> Roger Harrison 2/16/2004 2:08:03 AM >>>
For authmeth -10, the single, consolidated section on anonymous authentication now states that LDAP implementations MUST support anonymous authentication with no other qualifications. The fact that Start TLS is a required-to-implement operation implies that implementations MUST support anonymous authentication when TLS is established.
 
Roger

>>> Hallvard B Furuseth <h.b.furuseth@usit.uio.no> 1/3/2004 7:34:17 AM >>>
authmeth-09 says:

> 5. Anonymous Authentication

> LDAP implementations MUST support anonymous authentication, as
> defined in section 5.1.
>
> LDAP implementations MAY support anonymous authentication with TLS,
> as defined in section 5.2.

Huh? Why allow implementations to not support anonymous
authentication on secure connections, but support it on insecure
ones? I could understand it if it was the other way around - along
with not implementing Simple Bind at all without TLS.

--
Hallvard