I think I got the overall picture but I do not understand
how LDAP knows what key to prove possession of unless you,
as I suggested, do an initial browser-2-web server auth
first.
Anders
Emmanuel Dreyfus wrote:
Anders Rundgren <anders.rundg...@telia.com> wrote:
I can't say I fully understand what you want to do.
Would you use TLS client-cert-auth to the proxy and then let the
application based on received cert do a popCR?
Are we talking javascript or native code?
Here is the thing:
browser ---> unprivileged web app ---> LDAP directory
For password authentications, no problem: the web app just hands the
password to the LDAP directory and gets an authenticated BIND on behalf
of the user. Now the question is how to reproduce that with certificate
authentication?
The idea is to implement a new authentication method (through an SASL
plugin): the LDAP directory would send a popChallengeResponse, and the
browser could answer it (javascript code). The answer goes back to the
LDAP directory, and here you are.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
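
The relayed challenge-response flow discussed in this thread, as an added example that is not part of the original messages or of any Mozilla or LDAP code. It assumes the client names its identity first so the directory can pick the key to challenge, and it uses a plain signature over a nonce rather than the popChallengeResponse format; `Directory`, `relayLogin`, `demo` and the `uid=` names are hypothetical.

```javascript
// Added illustration: names and key handling are constructed for this example.
const crypto = require('node:crypto');

// Directory side: one registered public key per entry (stands in for the user's certificate).
class Directory {
  constructor() { this.keys = new Map(); this.pending = new Map(); }
  register(user, publicKey) { this.keys.set(user, publicKey); }
  // The claimed identity selects the key; a fresh nonce is the challenge.
  challenge(user) {
    if (!this.keys.has(user)) return null;
    const nonce = crypto.randomBytes(32);
    this.pending.set(user, nonce);
    return nonce;
  }
  // The bind succeeds only if the nonce was signed by the registered key; each nonce is single use.
  bind(user, signature) {
    const nonce = this.pending.get(user);
    this.pending.delete(user);
    if (!nonce) return false;
    return crypto.verify('sha256', nonce, this.keys.get(user), signature);
  }
}

// Unprivileged web app: relays challenge and answer, never holds a private key.
function relayLogin(directory, user, signInBrowser) {
  const nonce = directory.challenge(user);
  if (nonce === null) return false;
  return directory.bind(user, signInBrowser(nonce));
}

function demo() {
  const alice = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const other = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const dir = new Directory();
  dir.register('uid=alice', alice.publicKey);
  const signer = (key) => (nonce) => crypto.sign('sha256', nonce, key);

  const ok = relayLogin(dir, 'uid=alice', signer(alice.privateKey));
  const wrongKey = relayLogin(dir, 'uid=alice', signer(other.privateKey));
  const unknown = relayLogin(dir, 'uid=bob', signer(alice.privateKey));

  // A captured answer must not be accepted a second time.
  const nonce = dir.challenge('uid=alice');
  const sig = crypto.sign('sha256', nonce, alice.privateKey);
  const first = dir.bind('uid=alice', sig);
  const replay = dir.bind('uid=alice', sig);
  return { ok, wrongKey, unknown, first, replay };
}
```
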