[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL External Clarification



Le mer 12/03/2003 à 16:30, Kurt D. Zeilenga a écrit :
> >Now anonymous bind should be forbidden
> >Am I wrong ?
> 
> Yes.
> 
> A "by anonymous auth" clause statement says:
>         "An anonymous client can access the target directory
>        information for authentication purposes."
> 
> Since the credentials are not held in the directory, there
> client doesn't not need access to the directory to
> authentication.
> 
> Examples of credentials not held in the directory include
> "rootpw", sasldb, Kerberos tickets, AF_UNIX peer eid, and
> PKI certificates.

ok, what you want to say is that sasl external is particular (credential
can be accessible whithout any access on the directory) and that
particularity makes possible to anonymously bind to the directory
without any access, and so without such a clause statement

I think everything is clear for me :)

thanks Kurt

Francois