-----Original Message-----
From: Bob Blakley [mailto:blakley@dascom.com]
Sent: Monday, November 15, 1999 3:02 PM
> Paul writes:
>> If this is going to prove such a bother, I would just prefer that
>> the whole authzid thing got yanked. I think its a bad idea to let
>> anyone (even an admin) just declare that they want to be someone
>> else. A bad idea in that I think its ripe for security abuse.
> I feel some sympathy for this proposal. Is anyone using authzid?
Not us. We can't. We hand over all the authentication stuff to authentication modules architected along the lines of GSS, and they work in an application protocol independent way, and have no idea what "dn: uid=kdz,dc=bar,dc=com", or similar, means.
Even if this weren't the case, implementation of this feature by a server means that it has to run as root to be able to change its identity. That's a Bad Thing (tm) for an application protocol to require. And it has to be able to check whether the user authenticating to it has the right to ask it to become anyone the user wants. It has to get that check right, or the security of the whole system running the LDAP server, and maybe even other servers, is at risk.
Paul