[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: TLS-based authentication?

To: "'Stephen Frost'" <sfrost@snowman.net>, "'Greg Matthews'" <gmatt@nerc.ac.uk>
Subject: RE: TLS-based authentication?
From: "Howard Chu" <hyc@highlandsun.com>
Date: Thu, 26 Jun 2003 12:13:49 -0700
Cc: <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <20030626180303.GY20969@ns.snowman.net>

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Stephen Frost

> * Greg Matthews (gmatt@nerc.ac.uk) wrote:
> > TLS is a method of negotiating encryption and not an authentication
> > method. Therefore you can use simple authentication with
> TLS transport
> > for secure connections or if you're really going to push
> the boat out
> > have a play with sasl and TLS.
>
> Ah, you can do TLS auth using certificates and sasl external.

Correct.

> The question was if anyone was doing it.  I've received one
> response so far
> indicating they were using it, or working on setting it up.

We use this extensively in Symas Connexitor Enterprise Management System.
Whether our customers realize this or not is a separate issue; we just note
that all Connexitor communications are secured by strong mutual
authentication and encryption...

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

References:
- Re: TLS-based authentication?
  - From: Stephen Frost <sfrost@snowman.net>

Prev by Date: RE: Last attempt at TLS/SSL
Next by Date: RE: Last attempt at TLS/SSL
Index(es):
- Chronological
- Thread