[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authentication Methods for LDAP - last call (mandatory CRAM-MD5)

To: ietf-ldapext@netscape.com
Subject: Re: Authentication Methods for LDAP - last call (mandatory CRAM-MD5)
From: Chris Newman <Chris.Newman@INNOSOFT.COM>
Date: Tue, 04 Aug 1998 15:41:26 -0700 (PDT)
In-reply-to: <199808041807.LAA13479@Wind.Stanford.EDU>
Resent-date: Tue, 04 Aug 1998 15:40:59 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"JZ45M3.0.L_3.qtunr"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

On Tue, 4 Aug 1998 Jeff.Hodges@stanford.edu wrote:
> 2. I am concerned that AuthMeth does not profile KERBEROS_V4 or GSSAPI SASL 
> mechanisms, in particular utilizing Kerberos v5 via the GSSAPI mechanism. More 
> on this below.

Is there really a need to profile them?  I think there's only a need to
profile what a SASL authorization identity means in LDAP and profile those
mechanisms which are either mandtory, recommended, or overlap existing
LDAP functionality.  The draft already does this.

I would not object to statements along the lines of "the KERBEROS_V4 SASL
mechanism is used to provide Kerberos V4 support in LDAP."  And "the
GSSAPI SASL mechanism with the Kerberos 5 GSSAPI profile is used to
provide Kerberos V5 support in LDAP."  But I don't see any compelling need
for additional mechanism profiles.

		- Chris

References:
- Re: Authentication Methods for LDAP - last call (mandatory CRAM-MD5)
  - From: Jeff.Hodges@stanford.edu

Prev by Date: Re: Authentication Methods for LDAP - last call (mandatory CRAM-MD5)
Next by Date: Re: Authentication Methods for LDAP - last call (mandatory CRAM-MD5)
Index(es):
- Chronological
- Thread