[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Netscape Communicator SSL Roaming Access?
Hi,
I successfully installed an OpenLDAP server and have my Netscape
Communicator profile stored on it. It's useful being able to access from
home with the same bookmarks as inthe office. M ymain problem though is how
to secure my access when I use it via Internet, for example from an internet
coffee during holidays... What's needed is secure authentication.
The first idea is using SSL/TLS. OpenLDAP does not yet support that, but
this is no problem because I also installed sslwrap in the server. And the
SSL access itself works (using sslwrap debug output and a simple try to
access to it by https://...:636 - of course the browser doesn't produce any
good output, but from the debug output on the server I see that the SSL
handshaking works well).
BUT... it seems Netscape Communicator (4.7) does not support SSL/TLS? Is
this true? It seems VERY strange to me because the Communicator offers SSL
LDAP-access for addressbook queries (the secure-login feature in the address
book). But why not for Roaming access? It seems to be something very easy,
after all it seems all to be there considering the SSL LDAP-access for the
address book? Ot is there some trick I'm not aware of? I tried entering
ldaps://... in the Roaming-Access-setting, but it doesn't seem to work. Note
that I don't try to use SSL with client-certificate, I only use SSL for
encryption (the standard way). So it shoul dbe quite simple.
I am aware I could set up a tunnel from my PC using stunnel or so. I did nto
yet try that, but I'm pretty sure it would work. But the point is I need an
EASY and FAST client setup functionality - after all it should work from an
internet-coffee-browser, without having to install a lot of things. A
feasible option to direct browser support would be an SSL tunnel-endpoint
for teh browser using an applet. Does such a beast exist?
What I might try next (maybe somebody has experiences?) is using SSH instead
of SSL for tunnelling - I know there is an SSH java tunnel termination
software (Mindterm), maybe that works. But I would prefer SSL for the simple
reason it does not require a login into the server, as SSH does (SSH tunnels
TCP-connections within a sztandard online session that usually requires
login).
Thanks for your support,
Andy