directory-dev mailing list archives

From Vinod Panicker <>
Subject Re: TLS + SASL external and ACLs.
Date Thu, 05 May 2005 06:41:30 GMT

On 5/5/05, Chris Betts <> wrote:
> Hi Folks,
>     I'm utterly ignorant about SASL at the server end, but at the client
> end all I had to do was write my own ssl socket factory (just extending
> the default Sun version) and manually feed it the client cert + key.
> At the server end can you do the same sort of trick in reverse and
> eavesdrop on the exchange to get the client certificate, and then use
> that to authenticate?  I guess I'm only thinking of the SASL external
> certificate authentication - I don't know about the other versions...

Basically the Java SASL framework allows registration of callback
handlers et al.  If the EXTERNAL mechanism is being used, there would
be a way to get the client credentials from the lower layers
(TLS/SSL).  Refer to section 9 of RFC 2829 and section 7.4 of RFC 2222
for more info.



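One way a server could take the client identity from the TLS layer for an EXTERNAL bind, as an added example that is not part of the original message or of the project's code. The class and method names are hypothetical, and accepting only an authorization identity equal to the certificate subject is an assumed policy.

```java
import java.nio.charset.StandardCharsets;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.x500.X500Principal;
import javax.security.sasl.SaslException;

/** Hypothetical helper: server-side handling of a SASL EXTERNAL bind on a TLS connection. */
public final class ExternalBind {
    /** Returns the canonical DN to evaluate ACLs against, or throws if the bind must fail. */
    public static String resolveIdentity(SSLSession session, byte[] initialResponse)
            throws SaslException {
        String certDn = clientSubject(session).getName(X500Principal.CANONICAL);
        // Empty response: derive the identity from the TLS credentials.
        if (initialResponse == null || initialResponse.length == 0) {
            return certDn;
        }
        String requested = new String(initialResponse, StandardCharsets.UTF_8);
        if (!requested.regionMatches(true, 0, "dn:", 0, 3)) {
            throw new SaslException("only dn: authorization identities are supported");
        }
        String requestedDn;
        try {
            requestedDn = new X500Principal(requested.substring(3)).getName(X500Principal.CANONICAL);
        } catch (IllegalArgumentException e) {
            throw new SaslException("malformed authorization identity", e);
        }
        // Assumed policy: no proxy authorization; a real server would consult its ACLs here.
        if (!requestedDn.equals(certDn)) {
            throw new SaslException("certificate subject may not act as " + requestedDn);
        }
        return certDn;
    }

    private static X500Principal clientSubject(SSLSession session) throws SaslException {
        Certificate[] chain;
        try {
            // Server side: the client's chain, already validated by the TrustManager in the handshake.
            chain = session.getPeerCertificates();
        } catch (SSLPeerUnverifiedException e) {
            throw new SaslException("EXTERNAL needs a TLS client certificate", e);
        }
        if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
            throw new SaslException("no X.509 client certificate on this session");
        }
        return ((X509Certificate) chain[0]).getSubjectX500Principal();
    }
}
```

The session only carries a client certificate if the server socket or engine requested one with `setNeedClientAuth(true)` or `setWantClientAuth(true)` before the handshake.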