From: Terry D. <td...@bi...> - 2001-11-28 17:10:53
I personally like the facility to have a list of trusted hosts.

John Berthels wrote:

>>Basically my thought was that the user would have to tell Net::LDAP
>>that they want to chase referrals by registering a sub which, given an
>>LDAP URL, would create the connection and do the auth.
>>
>>I have not thought much beyond that, so if anyone wants to bounce a few
>>ideas, go ahead
>>
>
>I think the ability to pass in a sub to do the bind is a good idea.
>
>
>Presumably one concern is that chasing a referral attempts a bind to
>another server, which involves presenting credentials, sometimes a
>cleartext password.
>
>
>Two thoughts are:
>
>- a referral chase could perform an anonymous bind (fail-safe as regards
>password leakage) using the same protocol version [not by default, but as
>an option]
>
>- a facility could be provided to declare a list of 'trusted' or
>'equivalent' servers. Referrals to these servers should replay the
>original credentials if possible (perhaps falling back to the
>user-supplied sub if that fails).
>
>Of course these could be accomplished with the 'sub' approach, but is
>either of the two bullets above useful behaviour?
>
>regards,
>
>jb
>

--
Terry Davis
Systems Administrator
BirdDog Solutions, Inc.
(402) 829-6059
www.birddog.com
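
The referral policy discussed in this thread, sketched as an added example that is not part of the original messages and not Net::LDAP code. The names `referral_endpoint`, `referral_plan`, `trusted`, `on_bind` and `anonymous` are hypothetical, the URLs are constructed, and matching the trusted list on scheme, host and port together is a choice of this example, made so that trusting an `ldaps` endpoint does not also allow credentials to be replayed to the same host over cleartext `ldap`.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical policy helper; none of these names exist in Net::LDAP.
my %DEFAULT_PORT = (ldap => 389, ldaps => 636);

# Normalise an LDAP URL to "scheme://host:port"; undef if it is not one.
# IPv6 literals and other schemes are rejected here, so they are refused.
sub referral_endpoint {
    my ($url) = @_;
    return undef unless defined $url
        && $url =~ m{^(ldaps?)://([A-Za-z0-9.-]+)(?::(\d+))?(?:[/?]|$)}i;
    my ($scheme, $host, $port) = (lc $1, lc $2, $3);
    $port = $DEFAULT_PORT{$scheme} unless defined $port;
    return "$scheme://$host:$port";
}

# Ordered list of bind strategies to try for one referral URL.
#   trusted   => arrayref of URLs that may receive the original credentials
#   on_bind   => user-registered sub that connects and authenticates (optional)
#   anonymous => allow an anonymous bind to unlisted servers (off by default)
sub referral_plan {
    my ($url, %opt) = @_;
    my $endpoint = referral_endpoint($url) or return ('refuse');
    my %trusted;
    for my $t (@{ $opt{trusted} || [] }) {
        my $e = referral_endpoint($t);
        $trusted{$e} = 1 if defined $e;
    }
    my @plan;
    push @plan, 'replay'    if $trusted{$endpoint};           # same credentials
    push @plan, 'callback'  if ref $opt{on_bind} eq 'CODE';   # caller decides
    push @plan, 'anonymous' if $opt{anonymous} && !@plan;     # no password sent
    return @plan ? @plan : ('refuse');                        # never guess
}

# Constructed sample referrals (example.com / example.net are placeholders).
my @trusted = ('ldaps://ldap2.example.com', 'ldap://replica.example.com:1389');
for my $ref ('ldaps://LDAP2.example.com/dc=example,dc=com',
             'ldap://ldap2.example.com/dc=example,dc=com',
             'ldap://other.example.net/o=elsewhere',
             'http://other.example.net/') {
    my @plan = referral_plan($ref, trusted => \@trusted, anonymous => 1);
    printf "%-45s %s\n", $ref, join(' then ', @plan);
}
```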