Simple Password over TLS; Proxy Authentication - Red Hat Directory Server 7.1 Deployment Manual

Selecting Appropriate Authentication Methods
For more information about certificates and SSL, see Managing Servers with Red
Hat Console.

Simple Password over TLS

When a secure connection is established between Directory Server and a client
application using SSL or the Start TLS operation, the server can demand an extra
level of authentication by requesting a password. In such cases, the password is
not passed in cleartext over the wire, because it travels inside the encrypted
connection.
For more information about SSL, refer to "Securing Connections with SSL and
Start TLS," on page 185. For information about the StartTLS operation, refer to the
Red Hat Directory Server Administrator's Guide.

Proxy Authentication

Proxy authentication is a special form of authentication because the user
requesting access to the directory does not bind with its own DN but with a proxy
DN.
The proxy DN is an entity that has appropriate rights to perform the operation
requested by the user. When you grant proxy rights to a person or an application,
you grant the right to specify any DN as a proxy DN with the exception of the
Directory Manager DN.
One of the main advantages of the proxy right is that you can enable an LDAP
application to use a single thread with a single bind to service multiple users
making requests against the Directory Server. Instead of having to bind and
authenticate for each user, the client application binds to the Directory Server
using a proxy DN.
The proxy DN is specified in the LDAP operation submitted by the client
application. For example:
% ldapmodify -D "cn=manager" -w secretpwd -y "cn=joe,dc=example,dc=com" -b "example.com" -f mods.ldif
This ldapmodify command gives the manager entry (cn=manager) the permissions of
a user named Joe (cn=joe) to apply the modifications in the mods.ldif file. The
manager does not need to provide Joe's password for making this change.
162
Red Hat Directory Server Deployment Guide • May 2005
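
The following is an added example, not part of the Red Hat manual: a Python sketch of how the DN given with -y can travel inside an LDAP operation, assuming the Proxied Authorization control of RFC 4370 (the manual does not say which control the tool sends). It encodes the control for cn=joe,dc=example,dc=com and parses it back as a log decoder or reviewing gateway would; all function names are hypothetical.

```python
# Added example (not from the manual): RFC 4370 Proxied Authorization control.
PROXY_AUTHZ_OID = "2.16.840.1.113730.3.4.18"  # control type defined by RFC 4370

def ber_len(n):  # definite length: short form below 128, long form otherwise
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def proxy_authz_control(dn):
    """Control ::= SEQUENCE { controlType, criticality, controlValue }."""
    authz_id = ("dn:" + dn).encode("utf-8")  # the value is the bare authzId
    return tlv(0x30, tlv(0x04, PROXY_AUTHZ_OID.encode("ascii"))
                     + tlv(0x01, b"\xff")    # RFC 4370: criticality MUST be TRUE
                     + tlv(0x04, authz_id))

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                         # long form: next n bytes hold the length
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def parse_proxy_authz(control):
    """Return the DN whose rights the request asks for; reject anything else."""
    tag, body, _ = read_tlv(control, 0)
    t_oid, oid, pos = read_tlv(body, 0)
    if tag != 0x30 or t_oid != 0x04 or oid.decode("ascii") != PROXY_AUTHZ_OID:
        raise ValueError("not a proxied authorization control")
    t_crit, crit, pos = read_tlv(body, pos)
    if t_crit != 0x01 or crit == b"\x00":    # absent or FALSE criticality
        raise ValueError("criticality must be TRUE")
    t_val, value, _ = read_tlv(body, pos)
    authz_id = value.decode("utf-8")
    if t_val != 0x04 or not authz_id.startswith("dn:"):
        raise ValueError("this sketch accepts only the dn: form of authzId")
    return authz_id[3:]

if __name__ == "__main__":
    print(parse_proxy_authz(proxy_authz_control("cn=joe,dc=example,dc=com")))
```

The bind identity (cn=manager in the manual's command) is not part of this control; it is established by the bind, and the control only names the entry whose rights are requested.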
