[Fedora-directory-users] Re:Certificate authentication with SASL External
David Boreham
david_list at boreham.org
Tue Feb 7 23:34:00 UTC 2006
> Remember that authentication is not the same as authorization - having
> the valid certificate just proves who you are to the server; the
> server doesn't have to accord you any privileges/authorization just
> because of that.
Correct, but the OP _wanted_ to make an authorization decision for this
identity, not just perform authentication.
I think what he wants is to be able to use the subject DN in the
client's cert
directly as the bind identity for access control purposes. This isn't
supported.
Not because the original developers missed some grand X.500 vision, but
because
nobody needed to do that (and haven't for 10 years, until now...).
More information about the Fedora-directory-users
mailing list