directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ralf Hauser (JIRA)" <j...@apache.org>
Subject [jira] Created: (DIRSERVER-641) provide a security context to org.apache.directory.server.core.authn.AbstractAuthenticator.authenticate()
Date Sun, 11 Jun 2006 13:41:29 GMT
provide a security context to org.apache.directory.server.core.authn.AbstractAuthenticator.authenticate()
---------------------------------------------------------------------------------------------------------

         Key: DIRSERVER-641
         URL: http://issues.apache.org/jira/browse/DIRSERVER-641
     Project: Directory ApacheDS
        Type: New Feature

  Components: core  
    Versions: 1.0-RC3    
 Environment: windows and linux
    Reporter: Ralf Hauser


The ldap application we are working on has high security requirements, both in terms of "fine-grained"-policies
we need to be able to implement as well as for the audit trail we must be able to provide.

For that, we should be able to distinguish/ensure/record in our authenticate() method
- whether the bind request was received unprotected or protected
- if with SSL protected, what session key was negotiated (if with 256+bit AES, client is entitled
to see more than with 128 bit, let alone 40). 
These give our application strong hints whether we must consider a credential (passwords in
particular) compromised or not.

I assume this would either imply adding 1-2 more parameters to the method interface of
        LdapPrincipal org.apache.directory.server.core.authn.AbstractAuthenticator.authenticate(ServerContext
ctx) 
or extending the ServerContext object correspondingly.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message