Re: SASL EXTERNAL with TLS Authentication
On Tuesday 12 March 2002 17:05, David H. Hawes wrote:
| Thanks for the patch--it worked like a charm. I also tried using the
| 2.1alpha code, but could not get TLS anything working. That may require
| some more tinkering on my part.
|
| Out of curiosity, what do I gain from SASL EXTERNAL TLS auth that I cannot
| get from putting the following in my slapd.conf:
|
| TLSVerifyClient 1
| security ssf=128
|
| access to *
| by ssf=128 { read | write | etc.}
|
| I would only trust certs that I gave out and require confidentiality
| (security ssf=128).
|
| I ask this because it seems that using either really only comes down to
| configuration options in slapd.conf.
|
You can use the subject of the certificate in an ACL or in a group, for
instance:

dn: cn=administrators, dc=rentec,dc=com
objectClass: top
objectClass: groupofNames
member: uid=/C=US/ST=New York/L=East Setauket/O=Renaissance Technologies Corp.
 /CN=Karsten Kuenne/Email=kuenne@rentec.com
member: ....
member: ....
cn: administrators

It'll probably become much more useful with 2.1 but you can start already
today.
--
Karsten.
"Things should be made as simple as possible, but not any simpler."
-Albert Einstein