directory-dev mailing list archives

From Enrique Rodriguez <erodrig...@apache.org>
Subject Re: auth howto?
Date Sat, 04 Dec 2004 23:38:24 GMT
Alex Karasulu wrote:
> Mark Swanson wrote:
> 
>> Hello,
>>
>> I see there is an empty Jira issue (64) for auth policies, but I was 
>> wondering if there was a quick and dirty paragraph available for 
>> authentication and access control config and current status.
>>  
>>
> Yeah, it's almost nil at this point, Mark, sorry.  We need to build the 
> authorization subsystem.  Right now there are only some hard coded rules 
> for protecting passwords and the admin user account.
> For authentication there's very little as well.  We only support simple 
> authentication at this point. Enrique might look into SASL/GSSAPI at 
> some point.  For the simple authentication here are the guidelines:
> 
> For the security principal just make sure you use a DN to an entry that 
> has a userPassword field.  Right now the password is not using hashes 
> like md5 or crypt.  It's all clear text as a byte[].  We can change this 
> and need to soon but not in this release.
> 
> You have anything particular in mind or any use cases you need taken 
> care of?

My question, too, Mark.  How would you want it to work?

When I first developed the Kerberos server it was against OpenLDAP with 
SASL-GSSAPI enabled in JNDI to do high QoP and mutual auth.  My plan was 
to help Alex add that to Eve's LDAP.  It would require you to run 
Kerberos, though.  But, we'll make that pretty easy to do with our 
integrated Kerberos/LDAP/Eve build.

-enrique

> 
> Alex
