[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL EXTERNAL



Hi,
I've setup 2.1.1beta with "TLSVerifyClient demand" and I'm using a client certificate which is validated correctly as it seems. At least I do get the PLAIN and LOGIN mechs in addition to GSSAPI but no EXTERNAL. What else needs to be done to enable SASL EXTERNAL?


From slapd debug output:
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS certificate verification: depth: 2, err: 0, subject: /C=DE/O=Deutsches Forschungsnetz/OU=DFN-CERT GmbH/OU=DFN-PCA/CN=DFN Toplevel Certification Authority/Email=certify@pca.dfn.de, issuer: /C=DE/O=Deutsches Forschungsnetz/OU=DFN-CERT GmbH/OU=DFN-PCA/CN=DFN Toplevel Certification Authority/Email=certify@pca.dfn.de
TLS certificate verification: depth: 1, err: 0, subject: /C=DE/O=DAASI International GmbH/OU=DAASI CA/Email=ca@daasi.de, issuer: /C=DE/O=Deutsches Forschungsnetz/OU=DFN-CERT GmbH/OU=DFN-PCA/CN=DFN Toplevel Certification Authority/Email=certify@pca.dfn.de
TLS certificate verification: depth: 0, err: 0, subject: /C=DE/ST=Baden-W\xFCrttemberg/L=T\xFCbingen/O=DAASI International GmbH/CN=Norbert Klasen/Email=norbert.klasen@daasi.de, issuer: /C=DE/O=DAASI International GmbH/OU=DAASI CA/Email=ca@daasi.de
TLS trace: SSL_accept:SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read certificate verify A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL3 alert read:warning:close notify
TLS trace: SSL3 alert write:warning:close notify



-- Norbert Klasen, Dipl.-Inform. DAASI International GmbH phone: +49 7071 29 70336 Wilhelmstr. 106 fax: +49 7071 29 5114 72074 Tübingen email: norbert.klasen@daasi.de Germany web: http://www.daasi.de