[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openldap-general
Subject:    RE: Access-Control
From:       "Fu, Jing" <Jing_Fu () atlanta ! stercomm ! com>
Date:       1999-08-04 14:02:55
[Download RAW message or body]

I have two questions:

1)	Can you use SSL simply as an encryption mechanism, without the
client certificates, and conduct the entire session under encryption?  Say,
still use normal user name and password, but simply let SSL encrypt them?

2)	When you talk about Kerberos, do you mean Kerberos 4 or 5?  Although
Kerberos 5 is employed in NT 5, I don't know if anybody has done it for
SASL.  BTW, where can I find Kerberos plugins and their documents?

Thanks,
Jing

		-----Original Message-----
		From:	Mark Wilcox [mailto:mark@mjwilcox.com]
		Sent:	Tuesday, August 03, 1999 9:28 PM
		To:	Stefan Kiesow; OpenLDAP
		Subject:	Re: Access-Control

		......

		In LDAP v3 there are 3 ways of handling authentication in
step 2:

		1) simple dn and password. This is traditional mechanism
where you pass a DN
		and password to the server via clear text. It's the default
and most widely
		used mechanism
		2) You can authenticate via SSL client certificates
		3) You can authenticate via a SASL plugin. SASL is an
Internet standard that
		allows you to define optional authentication protocols. The
2 most common
		SASL are Kerberos and MD5 hash.

		If you are going to use LDAP as an authentication mechansim
for a seperate
		application, you can read about how to do this in a collumn
I wrote nearly a
		year ago:

	
http://developer.netscape.com/viewsource/index_frame.html?content=wilcox_lda
		p2.html

		Mark
		

[prev in list] [next in list] [prev in thread] [next in thread]