[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL/EXTERNAL - why/how?

To: openldap-software@OpenLDAP.org
Subject: SASL/EXTERNAL - why/how?
From: Turbo Fredriksson <turbo@bayour.com>
Date: 05 Jul 2004 08:17:56 +0200
Organization: LDAP/Kerberos expert wannabe
User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7

I got SASL/EXTERNAL working last week. No big deal. 

But when it finally work every time, and I understood
exactly WHAT I was doing, I started thinking...

Why would anyone use this? Sure, managing the LDAP database,
but what else? That work isn't THAT complicated and/or takes
that long...

>From what I could gather, nothing else accepts a SSL certificate
as authentication method, so other than the LDAP connection, the
authentication mechanism is 'useless'... What did I miss?


Another thing I was starting to wonder was how it actually worked.
This is what I managed to find about the mechanism:

1. Client and server negotiate cipher suite with encryption algorithm 
2. Server requests client certificate 
3. Client sends certificate and performs a private key based
   encryption to prove its possession 
4. Server checks validity of certificate and its CA

But that looks a little bleak. Is there nothing more?

Follow-Ups:
- Re: SASL/EXTERNAL - why/how?
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: SASL/EXTERNAL - why/how?
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Re: Commandline ldapadd
Next by Date: Re: SASL/EXTERNAL - why/how?
Index(es):
- Chronological
- Thread