[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: forcing encryption for external server access while allowing unencrypted localhost connections

To: openldap-software@OpenLDAP.org, Chris Paul <openldap@rexconsulting.net>
Subject: Re: forcing encryption for external server access while allowing unencrypted localhost connections
From: Aaron Richton <richton@nbcs.rutgers.edu>
Date: Tue, 21 Sep 2004 20:03:24 -0400 (EDT)
In-reply-to: <4150B5B3.5040704@rexconsulting.net>
References: <413E1FC9.9080102@rexconsulting.net> <m3u0u95kwc.fsf@marin.l4b.de> <4141E801.5040908@rexconsulting.net> <6.1.2.0.0.20040910141706.0426a150@127.0.0.1> <41477EFB.6090005@rexconsulting.net> <41484179.1050907@Goerwitz.COM> <4148BFCD.9020306@rexconsulting.net> <m3oek6wwrj.fsf@marin.l4b.de> <41498E2F.6090907@Goerwitz.COM> <m3wtyuun6e.fsf@marin.l4b.de> <4150B5B3.5040704@rexconsulting.net>

> I want to be able to specify which listeners require encryption.

If you're willing to concede that 127.0.0.0/8 will never appear outside of
your loopback interface, you can synthesize this by checking peer IPs.

# 127.0.0.1 is allowed, regardless of ssf. world at large needs ssf check
access to dn.<dnstyle1>=<what1>
        by peername.ip=127.0.0.1 <access1>
        by * none break
# We're not coming via loopback; ssf must be checked.
access to dn.<dnstyle1>=<what1>
        by ssf=128 <access2>
        by * none

Follow-Ups:
- Re: forcing encryption for external server access while allowing unencrypted localhost connections
  - From: "Richard L. Goerwitz III" <richard@Goerwitz.com>

References:
- forcing encryption for external server access while allowing unencrypted localhost connections
  - From: Chris Paul <openldap@rexconsulting.net>
- Re: forcing encryption for external server access while allowing unencrypted localhost connections
  - From: Dieter Kluenter <dieter@dkluenter.de>
- Re: forcing encryption for external server access while allowing unencrypted localhost connections
  - From: Chris Paul <openldap@rexconsulting.net>
- Re: forcing encryption for external server access while allowing unencrypted localhost connections
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: forcing encryption for external server access while allowing unencrypted localhost connections
  - From: Chris Paul <openldap@rexconsulting.net>
- Re: forcing encryption for external server access while allowing unencrypted localhost connections
  - From: "Richard L. Goerwitz III" <richard@Goerwitz.com>
- Re: forcing encryption for external server access while allowing unencrypted localhost connections
  - From: Chris Paul <openldap@rexconsulting.net>
- Re: forcing encryption for external server access while allowing unencrypted localhost connections
  - From: Dieter Kluenter <dieter@dkluenter.de>
- Re: forcing encryption for external server access while allowing unencrypted localhost connections
  - From: "Richard L. Goerwitz III" <richard@Goerwitz.com>
- Re: forcing encryption for external server access while allowing unencrypted localhost connections
  - From: Dieter Kluenter <dieter@dkluenter.de>
- Re: forcing encryption for external server access while allowing unencrypted localhost connections
  - From: Chris Paul <openldap@rexconsulting.net>

Prev by Date: Re: forcing encryption for external server access while allowing unencrypted localhost connections
Next by Date: Re: slapd-meta
Index(es):
- Chronological
- Thread