[sclug] Re: [dev-crypto] SMIME Opinions

Matt matt at bodgit-n-scarper.com
Mon Nov 29 16:03:45 UTC 2004


* Chris Aitken <chris at ion-dreams.com> [2004-11-29 15:58:04]:
> > 
> > This sounds like a really bad idea. I'm not an LDAP expert, 
> > but isn't the idea of LDAP to provide *access* to data? 
> > Whereas the whole point of private keys is that they should 
> > be kept private, i.e. secret?
> 
> To an extent. Generally (OpenLDAP) you can bind as an anonymous user and
> view *most* branches & trees (does that make a uid a leaf?). Bind as a
> particular user, and you'll have access to your password. The Admin CN will
> have access to everything.

That's generally up to the ACLs defined on the directory; you can make
them whatever you want, apart from the rootdn, as you say. You can deny
anonymous binds, or require them to be over TLS, etc.

Matt
-- 
"I know it's your T1 because our network guy teleported into the Baywatch
hub and checked it!"
"It's 'telnet' and 'Bay Networks'."
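
The options mentioned in the reply above (ACLs, denying anonymous binds, requiring TLS) as an added OpenLDAP slapd.conf fragment. It is not part of the original message; the strength factor of 128 and the choice of userPassword as the protected attribute are assumptions made for illustration.

```conf
# slapd.conf fragment (constructed example, not from the original thread)

# Refuse anonymous bind requests. This alone does not stop a client that
# never binds from searching; the ACLs below decide what such a client sees.
disallow bind_anon

# Require every operation to arrive over TLS with at least this
# security strength factor (128 is an assumed value).
security tls=128

# Secret attribute: the owner may change it, an unauthenticated client may
# only use it to authenticate (needed for a simple bind to work at all),
# and nobody else can read it.
access to attrs=userPassword
    by self write
    by anonymous tls_ssf=128 auth
    by * none

# Everything else: readable once authenticated, invisible otherwise.
access to *
    by users read
    by * none

# The rootdn is not subject to any of these ACLs, so whoever holds the
# rootdn credentials can still read every attribute stored in the directory.
```

slapd evaluates `access to` clauses in order and stops at the first one that matches the entry and attribute, so the specific userPassword rule has to come before the catch-all.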