directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Karasulu (JIRA)" <>
Subject [jira] Commented: (DIRSERVER-1217) Binds with referrals can be used for delegated authentication
Date Wed, 06 Aug 2008 01:10:46 GMT


Alex Karasulu commented on DIRSERVER-1217:

             * NOTE: if this is done then this handler should extend the 
             * a modified form of the SingleReplyRequestHandler so it can 
             * detect conditions where ancestors of the DN are referrals
             * and delegate appropriately.

> Binds with referrals can be used for delegated authentication
> -------------------------------------------------------------
>                 Key: DIRSERVER-1217
>                 URL:
>             Project: Directory ApacheDS
>          Issue Type: New Feature
>            Reporter: Alex Karasulu
>             Fix For: 1.5.5
> It's possible to perform delegated authentication by handling referral chasing in the
server on bind operations.  This could be a new external authentication mechanism.  If a bind
request using a principalDn represents a referral or does not exist but has a referral at
some ancestor in the DN then the server can delegate the authentication to the target server.
 If the target server referrenced in the ref attribute authenticates the user then ApacheDS
accepts the user as authenticated.  

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message