Re: nslcd authc using certificates?

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Arthur de Jong <arthur [at] arthurdejong.org>
To: Phil.Nitschke [at] ultra-avalon.com, nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: nslcd authc using certificates?
Date: Sun, 26 Sep 2021 12:33:11 +0200

On Tue, 2021-09-21 at 16:28 +0930, Phil Nitschke wrote:
> So, my questions:
>   * Is this idea sensible?  (logically & from a security standpoint)
>   * Does the functionality already exist via another means?
>   * Is it worth pursuing via a feature-request?

It seems like a nice alternative for the rootpwmodpw option in
nslcd.conf (e.g. rootpwmodtls_cert) and would welcome code that
provides this functionality.

The difficult part (in terms of current code) is probably that the
client TLS certificate needs to be specified when opening the LDAP
connection and we need to switch to using the external authentication
mechanism for password modifications as root.

Also note that rootpwmoddn is only used for password resets by root and
you may be better off doing password resets via some other means (e.g.
to also force the user to change their password directly after the
reset).

Thanks,

-- 
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --

nslcd authc using certificates?, Phil Nitschke
- Re: nslcd authc using certificates?, Arthur de Jong

Prev by Date: Re: running 0.9.11 testsuite usin OpenLDAP 2.5.7
Next by Date: Re: nslcd authc using certificates?
Previous by thread: nslcd authc using certificates?
Next by thread: Re: nslcd authc using certificates?