directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Boreham <>
Subject Re: [Servser] SSL Support?
Date Thu, 22 Sep 2005 15:04:52 GMT
Trustin Lee wrote:

> Thank you for your clarification!  So there are two ways for users to 
> authenticate themselves in a secure manner; one with LDAPS and the 
> other with SASL, right?

Not quite. SASL is the generic authentication framework.
It has various alternative mechanisms. One of them is
SASL-EXTERNAL, which basically says 'get the authentication
credentials from the transport layer' (SSL in this case).
There are other SASL mechanisms, such as GSSAPI
where the credentials come in the BIND PDU payload.

So to perform cert-based auth to an LDAP server,
you use both SSL and SASL.

View raw message