Hi Keith, Apologies for not responding sooner. I'll get someone (or shortly do it myself) to take a look at this and respond.
Apologies for not at least ACK'ing sooner. Doug. Keith M Wesolowski wrote: > On Fri, Feb 16, 2007 at 11:52:08AM -0800, Keith M Wesolowski wrote: > >> It turns out that this isn't terribly difficult to achieve with a few >> minor changes to the existing code, which already provides support for >> self-credentialed binding. Since I'm not an expert in this area, >> however, I'd like to solicit feedback from those here who are. If >> these changes are acceptable, I'd like to put them back into ON, as >> they address Jason's needs (and presumably those of other customers as >> well). >> >> See http://cr.grommit.com/~wesolows/ldap-rfe/ for webrev. > > Would anyone knowledgeable like to provide feedback on this change, > either in the context of providing useful functionality or of fixing > 6526896? The changes I propose are simple and small, but I'm looking > for an ns_ldap and/or PAM expert who can comment on the security > implications. Cross-posting (my apologies) to security-discuss since > no one here has responded. > > The back-story starts at > http://www.opensolaris.org/jive/message.jspa?messageID=93101#93101. >
