
Re: [PATCH] simple bind for ldap hdb backend




On Oct 25, 2006, at 7:47 PM, Luke Howard wrote:

>
>> When you're new to the business, it's not a good idea to destroy its
>> infrastructure your first time out. Better to learn how it actually
>> works first, before trying to change how it works.
>
> Agreed -- SASL EXTERNAL is specified directly in the code for a very
> good reason. :-)

He does have one good point though: it would be better not to
advertise SASL_EXTERNAL to physically external LDAP clients, unless
you support SASL_EXTERNAL with an SSL/TLS-supplied identity. I think
most LDAP servers that support SASL_EXTERNAL (correctly) only do it
for connections from the same machine.

This is a nit that bothers me about our Sun LDAP server.
----------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu