lux-integ wrote:
> On Monday 08 December 2014 09:51:47 Dieter Klünter wrote:
>> RFC-4513 describes LDAP Authentication Methods. I don't know much about HSM/smartcards, but if the provided key is an X.509 certificate, then it would be simple
>
> Yes, I will consider X.509 certificates placed within the smart-card.

Then using smartcards is mostly a client issue, with the client being able to send SASL/EXTERNAL at least. On the server you probably want to define an authz-regexp mapping (besides correctly configuring the trust anchor for the client certs).
As said: If you use libldap you could use a PKCS#11 provider module with OpenSSL's pkcs11 engine or libnss.
If you're using other LDAP client APIs you have to dive into what they provide.
Ciao, Michael.
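
The server-side pieces mentioned in the reply above (trust anchor for the client certificates plus an authz-regexp mapping for SASL/EXTERNAL), shown as an added slapd.conf sketch that is not part of the original message. All file paths, DNs and the CA name are placeholders, and the lowercase subject DN pattern assumes slapd matches against its normalized form of the certificate subject.

```conf
# slapd.conf fragment (added example; every path and DN below is a placeholder)

# Trust anchor: list only the CA that issues the smart-card client
# certificates. Any certificate chaining to a CA in this file is accepted
# for SASL/EXTERNAL, so an extra CA here widens who can authenticate.
TLSCACertificateFile   /etc/openldap/tls/smartcard-issuing-ca.pem
TLSCertificateFile     /etc/openldap/tls/ldap-server.pem
TLSCertificateKeyFile  /etc/openldap/tls/ldap-server.key

# Weak setting, shown for comparison: with "allow" a session continues
# even when the client sends no certificate or one that fails validation.
# TLSVerifyClient allow

# Stricter setting: the TLS handshake fails unless the client presents a
# certificate that validates against the trust anchor above.
TLSVerifyClient demand

# Weak mapping, shown for comparison: unanchored, so it matches any
# subject DN that merely contains a cn= component, whatever the issuer
# put in the remaining RDNs.
# authz-regexp "cn=([^,]+)" "uid=$1,ou=people,dc=example,dc=com"

# Anchored mapping: the whole subject DN must have the expected shape
# before its CN is mapped to a directory entry.
authz-regexp "^cn=([^,]+),ou=smartcard users,o=example corp$" "uid=$1,ou=people,dc=example,dc=com"
```

After a certificate-authenticated bind, `ldapwhoami -Y EXTERNAL` reports the authorization DN the server derived, which shows whether the mapping matched or the raw subject DN was used.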