  1. Directory ApacheDS
  2. DIRSERVER-1172

SASL PLAIN mechanism should only be enabled/offered after TLS layer is established

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • 2.0.0-RC1
    • rootDSE
    • None

    Description

      From RFC 4513 section 3.1.5:

      "The server may advertise different capabilities after installing a
      TLS layer. In particular, the value of 'supportedSASLMechanisms' may
      be different after a TLS layer has been installed (specifically, the
      EXTERNAL and PLAIN [PLAIN] mechanisms are likely to be listed only
      after a TLS layer has been installed)."

      So we should only expose the PLAIN or EXTERNAL mechanism as a value in the RootDSE's supportedSASLMechanisms attribute for those clients possessing sessions with TLS confidentiality.

          People

            Unassigned Unassigned
            akarasulu Alex Karasulu
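
A sketch of the gating this issue asks for, added here as an illustration and not taken from the ApacheDS code base: the mechanisms listed in supportedSASLMechanisms depend on whether the session has a TLS layer, and a PLAIN or EXTERNAL bind over a cleartext session is refused as well, since a client can name a mechanism that is not advertised. The class and method names are hypothetical, and answering with confidentialityRequired is this example's assumption.

```java
import java.util.*;

// Added illustration; SaslMechanismGate and its methods are hypothetical, not ApacheDS APIs.
public class SaslMechanismGate {
    // Mechanisms RFC 4513 section 3.1.5 expects to be listed only after TLS.
    static final Set<String> TLS_ONLY = Set.of("PLAIN", "EXTERNAL");
    static final int SUCCESS = 0;
    static final int AUTH_METHOD_NOT_SUPPORTED = 7;  // LDAP result code (RFC 4511)
    static final int CONFIDENTIALITY_REQUIRED = 13;  // LDAP result code (RFC 4511)

    private final List<String> configured = new ArrayList<>();

    SaslMechanismGate(List<String> mechanisms) {
        // Normalise once so a lower-case name cannot slip past the TLS check.
        for (String m : mechanisms) {
            configured.add(m.toUpperCase(Locale.ROOT));
        }
    }

    /** Values of the RootDSE supportedSASLMechanisms attribute for one session. */
    List<String> advertised(boolean tlsEstablished) {
        List<String> out = new ArrayList<>();
        for (String m : configured) {
            if (tlsEstablished || !TLS_ONLY.contains(m)) {
                out.add(m);
            }
        }
        return out;
    }

    /** Gate applied to a SASL bind before the mechanism handler runs. */
    int checkBind(String mechanism, boolean tlsEstablished) {
        String m = mechanism.toUpperCase(Locale.ROOT);
        if (!configured.contains(m)) {
            return AUTH_METHOD_NOT_SUPPORTED;
        }
        if (!tlsEstablished && TLS_ONLY.contains(m)) {
            return CONFIDENTIALITY_REQUIRED; // assumption: refuse rather than hide
        }
        return SUCCESS; // continue with the mechanism's own negotiation
    }

    public static void main(String[] args) {
        // Constructed sample configuration.
        SaslMechanismGate gate = new SaslMechanismGate(
                List.of("PLAIN", "EXTERNAL", "DIGEST-MD5", "GSSAPI"));
        System.out.println("cleartext session: " + gate.advertised(false));
        System.out.println("after TLS:         " + gate.advertised(true));
        System.out.println("plain bind, no TLS: " + gate.checkBind("plain", false));
        System.out.println("PLAIN bind, TLS:    " + gate.checkBind("PLAIN", true));
    }
}
```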