directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Karasulu <>
Subject Re: TLS + SASL external and ACLs.
Date Sat, 07 May 2005 18:19:52 GMT
David Boreham wrote:

>> BTW Can I get some pointers to StartTLS and SASL?  I don't know much 
>> about them.
> Start TLS :
> (Start TLS is easy: client sends a special extended op to the
> server that says 'after you send me a postitive response to
> this operation, flip the connection over to SSL/TLS').
> Start TLS is a mechanism for avoiding the need to listen
> on a separate port for SSL connections.
> (As we've seen, SASL is a rather complicated mult-functional
> thing. I've personally found it necessary to read the source
> code from the reference implementation in order to fully
> understand how to implement parts of it, because the
> RFCs are not 100% clear or complete).
> (Not all of the full SASL gamut is needed nor commonly used with
> LDAP).

Dave looks like you have some extended experience with both Start TLS 
and SASL.  How about taking this on for us :) ?


View raw message