At 01:56 AM 2/17/2006, François Beretti wrote:
>I know that this is quite off topic, but I am wondering how to use
>SASL/EXTERNAL authentication with a certificate stored on a smartcard.
>
>For me it is not under the entire responsibility of the SSL library,
>since the LDAP library provides the certificate file, using the
>ldap.conf rules. When using a smartcard, you don't use a certificate
>file, since everything is in the smartcard, and not in the filesystem.
>So it seems that the LDAP library is incompatible with smartcard TLS
>authentication.
>
>Am I wrong?
>Does someone have any link to a way to achieve this?
In our external I-D management for SASL, we merely ask TLS if there is a user certificate. We don't care whether it came from a file or not. Now, TLS needs access to the user certificate and generally relies on calling routines to provide the certificate location via a file name. We do this through ldap.conf(5) mechanisms. If TLS exposes another interface for providing user certificates, OpenLDAP could certainly be extended to support that interface. In which case, feel free to code something up and/or file an ITS for a feature enhancement.

Kurt
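For readers who want to see the file-based setup Kurt describes, here is an added configuration example (constructed for this thread, not code from the original posts or from the OpenLDAP project). It shows the client-side ldap.conf(5) options that hand the user certificate and key to the TLS layer by file name, and the server-side slapd.conf(5) settings without which SASL/EXTERNAL has no TLS identity to work with. All hostnames, paths, DNs and the authz-regexp pattern are hypothetical; the smartcard case François asks about is exactly the one this file-based mechanism does not cover.

```conf
# --- Client side: ~/.ldaprc (hypothetical values) ---
# TLS_CERT and TLS_KEY are user-only options in ldap.conf(5), so they
# belong in the per-user ldaprc rather than the system-wide ldap.conf.
URI         ldaps://ldap.example.com/
BASE        dc=example,dc=com
TLS_CACERT  /etc/ssl/certs/example-ca.pem
TLS_REQCERT demand
# This is the "certificate location via a file name" the reply refers to.
# A smartcard-resident key has no such path, which is the gap being discussed.
TLS_CERT    /home/alice/.ldap/alice-cert.pem
TLS_KEY     /home/alice/.ldap/alice-key.pem
# Default to EXTERNAL so the TLS client certificate supplies the identity.
SASL_MECH   EXTERNAL

# --- Server side: slapd.conf (hypothetical values) ---
TLSCACertificateFile  /etc/openldap/certs/example-ca.pem
TLSCertificateFile    /etc/openldap/certs/ldap-server.pem
TLSCertificateKeyFile /etc/openldap/certs/ldap-server-key.pem
# The server must actually request a client certificate ("try" or
# "demand"); with the default of "never" TLS never sees a user
# certificate and EXTERNAL cannot report any identity.
TLSVerifyClient demand
# Map the certificate subject DN that EXTERNAL presents onto a directory
# entry. The pattern below assumes certificates issued with subjects of
# the form cn=<uid>,ou=people,o=example (assumed naming, not a standard).
authz-regexp
    "^cn=([^,]+),ou=people,o=example$"
    "uid=$1,ou=people,dc=example,dc=com"
```

With both sides in place, `ldapwhoami -Y EXTERNAL -H ldaps://ldap.example.com/` should return the mapped entry DN (here `dn:uid=alice,ou=people,dc=example,dc=com`) rather than the raw certificate subject. If it returns the subject DN unchanged, the authz-regexp did not match; if the bind fails with no identity, check TLSVerifyClient first.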
