Hi Kurt,

Thank you very much for your answer. I am not at all at ease with TLS and OpenLDAP hacking, and I don't know how TLS can expose interfaces. I will post about this on specific forums and see what I can do.

Regards,
François Beretti

2006/2/17, Kurt D. Zeilenga <[EMAIL PROTECTED]>:
> At 01:56 AM 2/17/2006, François Beretti wrote:
> >I know that this is quite off topic, but I am wondering how to use
> >SASL/EXTERNAL authentication with a certificate stored on a smartcard.
> >
> >For me it is not under the entire responsibility of the ssl library,
> >since the LDAP library provides the certificate file, using the
> >ldap.conf rules. When using a smartcard, you don't use a certificate
> >file, since everything is in the smartcard, and not in the filesystem.
> >So it seems that the LDAP library is incompatible with smartcard TLS
> >authentication.
> >
> >Am I wrong?
> >Does someone have any link toward a way to achieve this?
>
> In our external I-D management for SASL, we merely ask TLS
> if there is a user certificate. We don't care whether it
> came from a file or not.
>
> Now, TLS needs access to the user certificate and generally
> relies on calling routines to provide the certificate
> location via a file name. We do this through ldap.conf(5)
> mechanisms. If TLS exposes another interface for providing
> user certificates, OpenLDAP could certainly be extended
> to support that interface. In which case, feel free
> to code something up and/or file an ITS for a feature
> enhancement.
>
> Kurt
