Re: Comments from Christian H. on LDAP

Russ Wright <wright@lbl.gov> Tue, 05 January 1993 17:01 UTC

Message-Id: <9301051619.AA16261@lbl.gov>
Date: Tue, 05 Jan 93 08:18:18 -800
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Russ Wright <wright@lbl.gov>
To: Erik Huizer <Erik.Huizer@surfnet.nl>
Subject: Re: Comments from Christian H. on LDAP
Cc: RARE & IETF OSI-DS wg <osi-ds@cs.ucl.ac.uk>, Christian Huitema <Christian.Huitema@sophia.inria.fr>

> 2- There should be a provision to use the common authentication 
> technology. In particular, one should be able to include a 
> challenge/response mechanism and the use of PEM certificates.

> 3- Do we really need to carry the X.500 update operations over 
> the network? We could probably do without!

If you mean "should LDAP include a modify operation", my answer is yes.  
If you have a good authentication infrastructure, you can allow everyone 
at a site to update their own information.  Since not everyone will have a 
machine capable of doing DAP, we need some lightweight protocol that 
supports modifies.

The problem is what type of authentication it should use.  The U of 
Michigan folks are using Kerberos, others may want to see a solution to #2 
above.

Russ
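The access decision Russ is describing (an authenticated user may modify only their own entry, anonymous modifies are refused) is small enough to model. The following is an added illustration, not code from the mailing list or from any LDAP implementation: a toy in-memory directory whose bind step uses an HMAC-SHA256 challenge/response standing in for the "common authentication technology" of point 2 (Kerberos and PEM certificates are not modelled), and whose modify operation applies a self-write rule plus an administrator exception. The DNs, shared secrets and result-code strings below are constructed for the example; the result-code names match LDAP's, but the wire encoding is not reproduced.

```python
"""Toy LDAP-style bind + modify authorization model (added example, not from the post).

Assumptions: entries and secrets are constructed in-memory; the challenge/response
is HMAC-SHA256 over a server nonce (an illustrative stand-in, not a real LDAP
SASL mechanism); DN matching is a simplified case/whitespace fold.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Set


def normalize_dn(dn: str) -> str:
    """Simplified DN comparison form (real matching rules are richer than this)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def compute_response(secret: bytes, challenge: bytes) -> bytes:
    """Client side of the challenge/response: prove possession of the shared secret."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


@dataclass
class Session:
    bound_dn: Optional[str] = None      # None means the connection is anonymous
    challenge: Optional[bytes] = None   # outstanding single-use nonce, if any


class ToyDirectory:
    def __init__(self, entries: Dict[str, Dict[str, str]],
                 shared_secrets: Dict[str, bytes], admin_dns: Set[str]):
        self.entries = {normalize_dn(d): dict(a) for d, a in entries.items()}
        self.secrets = {normalize_dn(d): s for d, s in shared_secrets.items()}
        self.admins = {normalize_dn(d) for d in admin_dns}

    def issue_challenge(self, session: Session) -> bytes:
        session.challenge = secrets.token_bytes(16)
        return session.challenge

    def bind(self, session: Session, dn: str, response: bytes) -> bool:
        """Authenticate: response must be HMAC(secret, challenge). Nonce is single-use."""
        key = normalize_dn(dn)
        secret = self.secrets.get(key)
        challenge, session.challenge = session.challenge, None
        if challenge is None or secret is None:
            return False
        expected = compute_response(secret, challenge)
        if hmac.compare_digest(expected, response):
            session.bound_dn = key
            return True
        return False

    def modify(self, session: Session, target_dn: str, changes: Dict[str, str]) -> str:
        """Authorize then apply: anonymous -> refused; self or admin -> allowed."""
        target = normalize_dn(target_dn)
        if target not in self.entries:
            return "noSuchObject"
        if session.bound_dn is None:
            return "insufficientAccessRights"
        if session.bound_dn != target and session.bound_dn not in self.admins:
            return "insufficientAccessRights"
        self.entries[target].update(changes)
        return "success"


def run_demo() -> Dict[str, object]:
    """Exercise the model with constructed users; returns outcomes for inspection."""
    alice = "cn=Alice,o=Example Site,c=US"
    bob = "cn=Bob,o=Example Site,c=US"
    admin = "cn=Directory Manager,o=Example Site,c=US"
    d = ToyDirectory(
        entries={alice: {"telephoneNumber": "+1 555 0100"},
                 bob: {"telephoneNumber": "+1 555 0101"}},
        shared_secrets={alice: b"alice-secret", admin: b"admin-secret"},
        admin_dns={admin},
    )
    out: Dict[str, object] = {}

    anon = Session()
    out["anonymous_modify"] = d.modify(anon, alice, {"telephoneNumber": "+1 555 0199"})

    s_alice = Session()
    ch = d.issue_challenge(s_alice)
    # DN spelled with different case and spacing still matches Alice's entry
    out["alice_bind"] = d.bind(s_alice, "cn=alice, o=example site, c=us",
                               compute_response(b"alice-secret", ch))
    out["alice_self_modify"] = d.modify(s_alice, alice, {"telephoneNumber": "+1 555 0102"})
    out["alice_modify_bob"] = d.modify(s_alice, bob, {"telephoneNumber": "+1 555 0199"})

    s_bad = Session()
    ch = d.issue_challenge(s_bad)
    out["wrong_secret_bind"] = d.bind(s_bad, alice, compute_response(b"guess", ch))
    out["replayed_challenge_bind"] = d.bind(s_bad, alice, compute_response(b"alice-secret", ch))

    s_admin = Session()
    ch = d.issue_challenge(s_admin)
    d.bind(s_admin, admin, compute_response(b"admin-secret", ch))
    out["admin_modify_bob"] = d.modify(s_admin, bob, {"telephoneNumber": "+1 555 0103"})

    out["alice_phone"] = d.entries[normalize_dn(alice)]["telephoneNumber"]
    out["bob_phone"] = d.entries[normalize_dn(bob)]["telephoneNumber"]
    return out


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

The point the model makes concrete is that the modify operation is only as safe as the bind that precedes it: with no authenticated identity there is nothing to compare the target DN against, so the only defensible answer for an anonymous connection is refusal.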