From: Chris Betts
Subject: Re: TLS + SASL external and ACLs.
Date: Thu, 5 May 2005 15:50:24 +1000
To: "Apache Directory Developers List"

Hi Folks,

I'm utterly ignorant about SASL at the server end, but at the client end all I had to do was write my own ssl socket factory (just extending the default Sun version) and manually feed it the client cert + key.

At the server end can you do the same sort of trick in reverse and eavesdrop on the exchange to get the client certificate, and then use that to authenticate? I guess I'm only thinking of the SASL external certificate authentication - I don't know about the other versions...

Like I say though, I don't know much about the server side of these things :-)

- Chris

> Alex, the caveat is that sasl in Java is only provided since 1.5. If
> you are looking at 1.4 support, there might be other third party
> implementations, but I'm currently not aware of them.
>
> Regards,
> Vinod.
> --snip--