
SASL, TLS & Client Certificates




I'm looking for the best way to lay in a PKI infrastructure for client
certificates on top of LDAP, EXCLUDING Kerberos.  The Admin Guide - Using
TLS, the FAQs, and http://www.bayour.com/LDAPv3-HOWTO.html
(which is Kerberos-centric) have been my main sources.  It seems to me
SASL EXTERNAL should give me what I need. I've gotten this far:

        Testing simple/anonymous bind
                GSSAPI, DIGEST-MD5, & CRAM-MD5

        Testing simple/anonymous bind w/SSL/TLS
                Both SSL & TLS respond w/PLAIN, LOGIN in addition to above

        Testing simple/user bind w/SSL/TLS
                Can't pass through the LDAP/PEM prompts

Am I missing something here, or is there a better alternative to
SASL?  I've been unable to find anything with good SASL EXTERNAL,
cert storage, authentication, steps and examples where the cert is
driving all authentication out of LDAP.

Curtis