[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: EXTERNAL/ldap://127.0.0.1/

To: Howard Chu <hyc@highlandsun.com>
Subject: RE: EXTERNAL/ldap://127.0.0.1/
From: Igor Brezac <igor@ipass.net>
Date: Mon, 17 Mar 2003 13:23:09 -0500 (EST)
Cc: openldap-devel@OpenLDAP.org
In-reply-to: <002701c2ecb1$3e869890$0e01a8c0@CELLO>
References: <002701c2ecb1$3e869890$0e01a8c0@CELLO>

On Mon, 17 Mar 2003, Howard Chu wrote:

> > -----Original Message-----
> > From: owner-openldap-devel@OpenLDAP.org
> > [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Igor Brezac
>
> > What do you think about making EXTERNAL/ldap://127.0.0.1/
> > work the same as
> > EXTERNAL/ldapi:///?  Unix domain sockets on solaris are not
> > that great.
> > :(
>
> There is no mechanism for passing Unix credentials across an IP socket. The
> SASL/EXTERNAL mechanism requires that the external security layer
> communicates a user ID from the client to the server; you cannot do this over
> an IP socket without a protocol like Kerberos, SSL, etc...
>

I understand that, but I was wondering if loopback interface can be
treated the same as unix domain socket when it comes to EXTERNAL mech?  I
am running into performance and stability issue with ldapi on solaris.
;(

-- 
Igor

Follow-Ups:
- RE: EXTERNAL/ldap://127.0.0.1/
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- RE: EXTERNAL/ldap://127.0.0.1/
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: EXTERNAL/ldap://127.0.0.1/
Next by Date: RE: EXTERNAL/ldap://127.0.0.1/
Index(es):
- Chronological
- Thread