[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: TLS-based authentication?



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Stephen Frost

> * Greg Matthews (gmatt@nerc.ac.uk) wrote:
> > TLS is a method of negotiating encryption and not an authentication
> > method. Therefore you can use simple authentication with
> TLS transport
> > for secure connections or if you're really going to push
> the boat out
> > have a play with sasl and TLS.
>
> Ah, you can do TLS auth using certificates and sasl external.

Correct.

> The question was if anyone was doing it.  I've received one
> response so far
> indicating they were using it, or working on setting it up.

We use this extensively in Symas Connexitor Enterprise Management System.
Whether our customers realize this or not is a separate issue; we just note
that all Connexitor communications are secured by strong mutual
authentication and encryption...

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support