Re: ACL for PGP [Virus checked (@MLP)] [Virus checked]

[Alejandra Moreno <alejandra.moreno@atrete.ch>]

Hi!

Really, if there are no write permissions the PGP client doesn't even
bind to the server, so I can't see which objects he tries to search
for.


At 11:33 13.01.2002 +0100, you wrote:
> Hi,
>
> On Friday 11 January 2002 10:48, you wrote:
> > The implemented schema works perfectly for all PGP 
> applications
> > (certification, encryption,... anything), the only thing that stops
> me from
> > really substituting the PGP KeyServer with the OpenLDAP is the
> permission
> > access. I sniffed the packages, however I don't get any hints of the
> exact
> > denial, because if the PGP client doesn't have writing permissions
> it wont
> > even bind to the LDAP server (the LDAP server response is just a
> success
> > acknowledgement instead of the normal response with the basedn to
> bind). It
> > is really strange. I'm trying to ask NAI what's happening because if
> they
> > give the option of connecting the clients to this kind of servers
> they
> > SHOULD give support for these errors.
>
> If you trace the connections you should be able to find out, to
> which
> objects the PGP clients wants to have which kind of access (search,
> read, write, ..)
> This information should be sufficient to build more restrictive 
> ACLs
> than you have now.
>
> Yours
> Peter
>
> -- 
> Peter Marschall     |   eMail:
> peter.marschall@mayn.de
> Scheffelstraße 15  
> |         
> peter.marschall@is-energy.de
> 97072 Würzburg      |  
> Tel:   0931/14721
> PGP:  D7 FF 20 FE E6 6B 31 74  D1 10 88 E0 3C FE 28
> 35

______________________________________________________________________
Alejandra Moreno Espinar
at rete ag

mailto:alejandra.moreno@atrete.ch, http://www.atrete.ch
snail mail: Oberdorfstrasse 2, P.O. Box 674, 8024 Zurich, Switzerland
voice: +41-1-266 55 55, direct: +41-1-266 55 91, fax: +41-1-266 55 88
_____________________________________________________________________