Re: storing ldap passwords on HSM
Am Mon, 8 Dec 2014 08:13:25 +0000
schrieb "lux-integ" <lux-integ(a)btconnect.com>:
Greetings,
I have been searching webpages for guidance on using a smartcard
( also know as an HSM ) for storing passwords for an ldap database
on a linux system.
This would include for instance how would the userPassword
(attrribute) be specified - i.e. how to specify the
userPassword to read the PIN/SO- PIN/PUK{whatever} of the
HSM/smart-card etc etc ??
Any guidance would be much appreciated.
RFC-4513 describes LDAP Authentication Methods. I don't know much about
HSM/smartcards, but if the provided key is a X.509 certificate, than it
would be simple. RFC-4422 describes SASL, if your smatcard provider is
complying with this RFC, than it could be realised.
-Dieter
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E