SASL supports client side certs. SASL supports everything, which is why we're using it :-)
On 25/01/07, Tomas Restrepo <[EMAIL PROTECTED]> wrote:
Hi Robert, > The other thing we definitely need to be able to support is mutual > authentication with SSL - i.e. the client must present a certificate > to the broker as well as the other way round. Mutual authentication would be a good features, though it does bring up a question: Isn't it a bit redundant to have client-side certificates for authentication and then for the client to also have to use SASL to authenticate yet again? Which of the two identity tokens would then be used for authorizing access to resources? And while we're at it, would someone find also useful to support anonymous (i.e. unauthenticated) access to the server for some scenarios? (the easiest way would be by supporting the ANONYMOUS mechanism per RFC 2245). Tomas Restrepo [EMAIL PROTECTED] http://www.winterdom.com/weblog/
