lux-integ wrote:
> On Monday 08 December 2014 09:51:47 Dieter Klünter wrote:
>> RFC-4513 describes LDAP Authentication Methods. I don't know much about
>> HSM/smartcards, but if the provided key is an X.509 certificate, then it
>> would be simple
>
> yes I will consider x509 certificates placed within the smart-card

Then using smartcards is mostly a client issue with the client being able to send SASL/EXTERNAL at least. On the server you probably want to define an authz-regexp mapping (besides correctly configuring the trust anchor for the client certs).

As said: If you use libldap you could use a PKCS#11 provider module with OpenSSL's pkcs11 engine or libnss. If you're using other LDAP client APIs you have to dive into what they provide.

Ciao, Michael.
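The server-side setup mentioned in the reply above, sketched as a slapd.conf fragment. This is an added example, not part of the original message; all file paths, the certificate subject layout (cn=...,ou=people,o=example) and the directory suffix dc=example,dc=com are constructed assumptions.

```conf
# --- TLS: server identity and trust anchor for client certificates ---
# Paths are placeholders (assumed); adjust to the local installation.
TLSCertificateFile      /etc/openldap/certs/slapd-cert.pem
TLSCertificateKeyFile   /etc/openldap/certs/slapd-key.pem

# Trust anchor: only the CA that issues the smart-card certificates.
# Any certificate chaining to a CA listed here can bind via SASL/EXTERNAL,
# so do not point this at a general-purpose system CA bundle.
TLSCACertificateFile    /etc/openldap/certs/smartcard-ca.pem

# Request a client certificate and reject the TLS session if none is
# presented or if it fails verification against the trust anchor.
TLSVerifyClient         demand

# --- SASL/EXTERNAL identity mapping ---
# With SASL/EXTERNAL over TLS the authentication identity is the subject DN
# of the client certificate. Map it to the user's directory entry.
# The pattern is anchored on both ends and the captured RDN value excludes
# commas, so a subject with extra or reordered RDNs does not match.
# Constructed subject layout: cn=<login>,ou=people,o=example
authz-regexp
    "^cn=([^,]+),ou=people,o=example$"
    "uid=$1,ou=people,dc=example,dc=com"

# Check from a client that has its certificate and key configured
# (hostname is a placeholder):
#   ldapwhoami -ZZ -Y EXTERNAL -H ldap://ldap.example.com
```

If the mapping does not match, the bind identity stays the raw certificate subject DN, so access controls written against directory entries will not apply to it; ldapwhoami shows which identity the server actually assigned.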