[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Require SSL transport?

To: "'Kurt D. Zeilenga'" <Kurt@OpenLDAP.org>
Subject: RE: Require SSL transport?
From: Justin Hahn <jhahn@profitlogic.com>
Date: Fri, 2 Feb 2001 14:45:28 -0500
Cc: "'openldap-software@openldap.org'" <openldap-software@OpenLDAP.org>

> This says "require 128 bits of encryption."  This encryption can be
> provided by any layer (SASL, TLS, or transport).  If the protection
> is not present, only operations commands which can be used to initiate
> such protections (e.g Start TLS) are allowed.

OK, so if I specify 

security tls=128

then I am guaranteed to get at least 128 bits of encryption for ALL access,
via
TLS, or am I mistaken? Or would this require 128 bits no more no less? 
If that's the case, is there a >= function?

> You can use ACLs to restrict simple authentication, for example:
>         access to attrs=userPassword
>                 by ssf=112 auth
>                 by ssf=128 self write
>                 by * none

I see! So it's a literal equals... This explains a lot.



> >access to *
> >        by ssf=0 none
> 
> That's equivalent to saying
>   access to * by * none

OK, I was misunderstanding what is meant by ssf. It is now clear.

Thanks for your help.

Prev by Date: RE: Require SSL transport?
Next by Date: Re: draft-ietf-ldapext-acl-model-xx.txt, status??
Index(es):
- Chronological
- Thread