directory-dev mailing list archives

From Vinod Panicker <vino...@gmail.com>
Subject Re: TLS + SASL external and ACLs.
Date Thu, 05 May 2005 06:41:30 GMT
Hi,

On 5/5/05, Chris Betts <chris@pegacat.com> wrote:
> Hi Folks,
> 
>     I'm utterly ignorant about SASL at the server end, but at the client
> end all I had to do was write my own ssl socket factory (just extending
> the default Sun version) and manually feed it the client cert + key.
> At the server end can you do the same sort of trick in reverse and
> eavesdrop on the exchange to get the client certificate, and then use
> that to authenticate?  I guess I'm only thinking of the SASL external
> certificate authentication - I don't know about the other versions...
> 

Basically the Java SASL framework allows registration of callback
handlers et al.  If the EXTERNAL mechanism is being used, there would
be a way to get the client credentials from the lower layers
(TLS/SSL).  Refer to section 9 of RFC 2829 and section 7.4 of RFC 2222
for more info.

--snip--

Regards,
Vinod.
