6.4.9. Defining Access Based on Authentication Method
The authmethod keyword sets the specific method that a client uses to bind to the directory. There
are four available authentication methods:
• None. Authentication is not required. This is the default. It represents anonymous access.
• Simple. The client must provide a user name and password to bind to the directory.
• SSL. The client must bind to the directory using some kind of PKI credentials, meaning a client must
present an SSL certificate either in a database or on a smart card, token, or some other device.
Certificate-based authentication, as one method, is described in Section 11.6, "Using Certificate-Based Authentication".
• SASL. The client must bind to the directory over a Simple Authentication and Security Layer (SASL)
connection. Directory Server supports three SASL mechanisms: EXTERNAL, CRAM-MD5, DIGEST-MD5, and GSS-API (for Kerberos systems). For information on setting up SASL, see Chapter 12, Managing SASL.
NOTE
You cannot set up authentication-based bind rules through the Access Control Editor.
The LDIF syntax for setting a bind rule based on an authentication method is as follows:
authmethod = "sasl_mechanism"
sasl_mechanism can be none, simple, ssl, or "sasl sasl_mechanism".
6.4.9.1. Examples
The following are examples of the authmethod keyword:
• Authentication is not checked during bind rule evaluation.
authmethod = "none";
• The bind rule is evaluated to be true if the client is accessing the directory using a username and
password.
authmethod = "simple";
• The bind rule is evaluated to be true if the client authenticates to the directory using a certificate
over LDAPS. This is not evaluated to be true if the client authenticates using simple authentication
(bind DN and password) over LDAPS. The authmethod = "ssl" means that a certificate must
be presented to authenticate to the server. This does not configure a required connection type, even
though SSL has to be used with certificate-based authentication.
authmethod = "ssl";
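An audit sketch for the bind rules above, added here as an example and not taken from the Directory Server manual: it reads ACI values and reports those that grant modify rights without requiring authmethod "ssl" or a SASL mechanism. The sample ACIs, the set of rights treated as modify rights, and the policy itself are assumptions of the example.

```python
import re

# authmethod expressions inside a bind rule, e.g. authmethod = "sasl DIGEST-MD5"
AUTHMETHOD_RE = re.compile(r'authmethod\s*(!?=)\s*"([^"]*)"', re.IGNORECASE)
PERMS_RE = re.compile(r'\b(allow|deny)\s*\(([^)]*)\)', re.IGNORECASE)
NAME_RE = re.compile(r'\bacl\s+"([^"]*)"', re.IGNORECASE)

# Assumed local policy for this example, not a Directory Server rule.
MODIFY_RIGHTS = {"write", "selfwrite", "add", "delete", "all"}
STRONG_METHODS = {"ssl", "sasl"}  # certificate bind or any SASL mechanism


def audit(acis):
    """Return (acl name, required authmethods) for each allow-ACI that grants
    modify rights without requiring ssl or sasl.

    Limitation: authmethod expressions are assumed to be joined with "and";
    a bind rule that uses "or" needs manual review.
    """
    findings = []
    for aci in acis:
        perms, name = PERMS_RE.search(aci), NAME_RE.search(aci)
        if not perms or not name:
            raise ValueError("not a recognisable ACI: %r" % aci)
        rights = {r.strip().lower() for r in perms.group(2).split(",")}
        if perms.group(1).lower() != "allow" or not rights & MODIFY_RIGHTS:
            continue
        required = [v.strip().lower()
                    for op, v in AUTHMETHOD_RE.findall(aci) if op == "="]
        if not any(v.split()[0] in STRONG_METHODS for v in required if v):
            findings.append((name.group(1), required or ["(no authmethod)"]))
    return findings


# Constructed sample ACIs (dc=example,dc=com is a placeholder suffix).
SAMPLE_ACIS = [
    '(targetattr = "userPassword")(version 3.0; acl "Self password change"; '
    'allow (write) userdn = "ldap:///self" and authmethod = "simple";)',
    '(targetattr = "*")(version 3.0; acl "Admin write with cert"; allow (write, add, delete) '
    'groupdn = "ldap:///cn=Directory Administrators,dc=example,dc=com" and authmethod = "ssl";)',
    '(targetattr = "cn || mail")(version 3.0; acl "Anonymous read"; '
    'allow (read, search, compare) userdn = "ldap:///anyone" and authmethod = "none";)',
    '(targetattr = "mail")(version 3.0; acl "SASL mail update"; '
    'allow (write) userdn = "ldap:///self" and authmethod = "sasl DIGEST-MD5";)',
    '(targetattr = "telephoneNumber")(version 3.0; acl "Self phone update"; '
    'allow (write) userdn = "ldap:///self";)',
]

if __name__ == "__main__":
    for acl, methods in audit(SAMPLE_ACIS):
        print("%s: requires %s" % (acl, ", ".join(methods)))
```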