directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tony Blanchard <blt...@wanadoo.fr>
Subject Re: TLS + SASL external and ACLs.
Date Fri, 06 May 2005 14:02:41 GMT
Sorry but I have another question for this thread.

Someone told me that TLS was implemented in mina and I can not see 
where. I just saw the SSL Filter.
Maybe I have missed something. Could someone tell me how it works briefly ?

Thanks
Tony Blanchard

Vinod Panicker a écrit :

>Hi,
>
>On 5/5/05, Chris Betts <chris@pegacat.com> wrote:
>  
>
>>Hi Folks,
>>
>>    I'm utterly ignorant about SASL at the server end, but at the client
>>end all I had to do was write my own ssl socket factory (just extending
>>the default Sun version) and manually feed it the client cert + key.
>>At the server end can you do the same sort of trick in reverse and
>>eavesdrop on the exchange to get the client certificate, and then use
>>that to authenticate?  I guess I'm only thinking of the SASL external
>>certificate authentication - I don't know about the other versions...
>>
>>    
>>
>
>Basically the Java SASL framework allows registration of callback
>handlers et al.  If the EXTERNAL mechanism is being used, there would
>be a way to get the client credentials from the lower layers
>(TLS/SSL).  Refer to section 9 of RFC 2829 and section 7.4 of RFC 2222
>for more info.
>
>--snip--
>
>Regards,
>Vinod.
>
>
>
>  
>



Mime
View raw message