[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Netscape Communicator SSL Roaming Access?



Communicator does not support LDAP or HTTP over SSL
for just the roaming feature of Communicator.  When I spoke
with the product manager about this implementation, I was told
it was a chicken/egg problem regarding any custom certificates.
Although I disagreed because I was more than willing to handle
the customization of communicator, it still went out in this form.
I guess this falls under the heading "the vendor knows more than
we do".  Bummer.

/mrg

Andreas.Greulich@ISB.admin.ch wrote:

> Hi,
>
> I successfully installed an OpenLDAP server and have my Netscape
> Communicator profile stored on it. It's useful being able to access from
> home with the same bookmarks as inthe office. M ymain problem though is how
> to secure my access when I use it via Internet, for example from an internet
> coffee during holidays... What's needed is secure authentication.
>
> The first idea is using SSL/TLS. OpenLDAP does not yet support that, but
> this is no problem because I also installed sslwrap in the server. And the
> SSL access itself works (using sslwrap debug output and a simple try to
> access to it by https://...:636 - of course the browser doesn't produce any
> good output, but from the debug output on the server I see that the SSL
> handshaking works well).
>
> BUT... it seems Netscape Communicator (4.7) does not support SSL/TLS? Is
> this true? It seems VERY strange to me because the Communicator offers SSL
> LDAP-access for addressbook queries (the secure-login feature in the address
> book). But why not for Roaming access? It seems to be something very easy,
> after all it seems all to be there considering the SSL LDAP-access for the
> address book? Ot is there some trick I'm not aware of? I tried entering
> ldaps://... in the Roaming-Access-setting, but it doesn't seem to work. Note
> that I don't try to use SSL with client-certificate, I only use SSL for
> encryption (the standard way). So it shoul dbe quite simple.
>
> I am aware I could set up a tunnel from my PC using stunnel or so. I did nto
> yet try that, but I'm pretty sure it would work. But the point is I need an
> EASY and FAST client setup functionality - after all it should work from an
> internet-coffee-browser, without having to install a lot of things. A
> feasible option to direct browser support would be an SSL tunnel-endpoint
> for teh browser using an applet. Does such a beast exist?
>
> What I might try next (maybe somebody has experiences?) is using SSH instead
> of SSL for tunnelling - I know there is an SSH java tunnel termination
> software (Mindterm), maybe that works. But I would prefer SSL for the simple
> reason it does not require a login into the server, as SSH does (SSH tunnels
> TCP-connections within a sztandard online session that usually requires
> login).
>
> Thanks for your support,
>
>                                 Andy