
Re: SASL External : certificates stored in LDAP



Michael Ströder wrote:
Mitrana Cristian wrote:

I think this idea is plain wrong. If the cert is stored in the
DIT, what kind of authentication is that? Every bind operation that
requests SASL/EXTERNAL will be auth'ed based on the cert, i.e. every
client that knows a DN which authenticates with SASL/EXTERNAL and has the cert stored on the server will be able to authenticate as the DN.
Doesn't this defeat the purpose of the authentication?
Correct me if I'm wrong, just my 2 cents.


You still need the appropriate private key for the user certificate when connecting with SSL/TLS. This is the credential, not the X.509 certificate itself.

Ciao, Michael.


Right! My mistake, I just confused things a little bit. Anyway, since this requires the client to have the private key on its end, it might as well have the certificate.


mitu
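To make Michael's point concrete, here is an added Go example (not from this thread or from OpenLDAP): a loopback TLS server standing in for slapd's TLS layer demands a client certificate, as SASL/EXTERNAL does, and only a client holding the matching private key is authenticated, while the same certificate without its key is rejected. The self-signed certificates, the host name `ldap.example.test` and the CN `mitu` are constructed for the demo, and the server is told to trust the user's certificate directly in place of a CA.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newCert mints a self-signed certificate and key for cn (constructed demo material; setup errors ignored).
func newCert(cn string) tls.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}
}

// authenticate is the server side of a TLS session that demands a client certificate issued by trusted
// (what SASL/EXTERNAL builds on); it returns the CN the server would map to a bind DN, or an error.
func authenticate(server, trusted, client tls.Certificate) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(trusted.Leaf)
	ln, _ := net.Listen("tcp", "127.0.0.1:0")
	defer ln.Close()
	// Client side, offering only what is in client. InsecureSkipVerify: demo only, real clients verify the server.
	go tls.Dial("tcp", ln.Addr().String(), &tls.Config{Certificates: []tls.Certificate{client}, InsecureSkipVerify: true})
	raw, _ := ln.Accept()
	srv := tls.Server(raw, &tls.Config{Certificates: []tls.Certificate{server},
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool})
	defer srv.Close()
	if err := srv.Handshake(); err != nil {
		return "", err
	}
	return srv.ConnectionState().PeerCertificates[0].Subject.CommonName, nil
}

func main() {
	server, user := newCert("ldap.example.test"), newCert("mitu")
	fmt.Println(authenticate(server, user, user))                                           // prints: mitu <nil>
	fmt.Println(authenticate(server, user, tls.Certificate{Certificate: user.Certificate})) // empty CN plus the rejection error
}
```

The rejection happens inside the TLS handshake, before any LDAP bind is seen, which is why a certificate that anyone can read out of the DIT is not itself a credential.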