On Fri, Feb 16, 2007 at 11:52:08AM -0800, Keith M Wesolowski wrote: > It turns out that this isn't terribly difficult to achieve with a few > minor changes to the existing code, which already provides support for > self-credentialed binding. Since I'm not an expert in this area, > however, I'd like to solicit feedback from those here who are. If > these changes are acceptable, I'd like to put them back into ON, as > they address Jason's needs (and presumably those of other customers as > well). > > See http://cr.grommit.com/~wesolows/ldap-rfe/ for webrev.
Would anyone knowledgeable like to provide feedback on this change, either in the context of providing useful functionality or of fixing 6526896? The changes I propose are simple and small, but I'm looking for an ns_ldap and/or PAM expert who can comment on the security implications. Cross-posting (my apologies) to security-discuss since no one here has responded. The back-story starts at http://www.opensolaris.org/jive/message.jspa?messageID=93101#93101. -- Keith M Wesolowski "Sir, we're surrounded!" FishWorks "Excellent; we can attack in any direction!"
