little confused over SSL and SASL.  Am I correct in assuming SSL is
purely a certificate-based means of secure communications?

No, not exactly; see inline below.

Can I use
SASL to perform secure communications without having to specify
certificates, keys, etc?  By authenticating securely, is all subsequent
communication between my app and the server also secure?

SASL is a framework where different security mechanisms can be
plugged in and negotiated for use between two hosts. Depending
on the SASL mechanism you use, you can have different scenarios of
how and what auth is performed, and whether any non-auth traffic
[ read credentials ] between the two hosts is encrypted or not.

Basically I just want to have my app come up, authenticate with the
LDAP server without sending the username/password in clear text, and
then be able to perform queries.  Any information you can provide would
be appreciated.

It depends what you want to do. If you just want to protect your
users' credentials so they are not sent in the clear, you can go
with the SASL DIGEST-MD5 mech and SASL binds, for example. If you
want all content flowing to be encrypted [ including creds ],
you can do so with SSL/TLS. There are two things you have to
distinguish: 1. LDAP over SSL/TLS and 2. LDAP over SSL/TLS
with cert-based client authentication. The former simply
encrypts LDAP communication and the latter does the same plus
uses certs to authenticate. Some links for more details:

http://docs.sun.com/source/817-6707/ssl.html
http://docs.sun.com/source/817-6707/ssl.html#wp26071
http://docs.sun.com/source/817-6707/sasl.html
http://docs.sun.com/source/816-6698-10/ssl.html#18500
_______________________________________________
mozilla-directory mailing list
mozilla-directory@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-directory

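To make the "credentials are not sent in the clear" point above concrete, here is an added worked example (not from the thread or from any LDAP product) of the DIGEST-MD5 challenge/response math from RFC 2831 that a SASL DIGEST-MD5 bind performs. The usernames, realm, nonces and password are constructed values; note that the client sends only a hash bound to the server nonce and client nonce, never the password itself, and that with qop=auth nothing after the bind is protected unless you also use SSL/TLS (DIGEST-MD5 itself was later moved to Historic by RFC 6331).

```python
"""DIGEST-MD5 (RFC 2831) bind exchange, both sides, offline.
Constructed example: no LDAP server is contacted."""
import hashlib
import os


def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def _md5hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def digest_response(username, realm, password, nonce, cnonce, nc, qop,
                    digest_uri, authenticate=True):
    """Client 'response' (authenticate=True) or server 'rspauth' (False)."""
    # A1 = H(user:realm:pass) as raw 16 bytes, then ":" nonce ":" cnonce (no authzid)
    a1 = _md5(f"{username}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    # A2 differs between the two directions, so rspauth != response
    a2 = ("AUTHENTICATE:" if authenticate else ":") + digest_uri
    if qop in ("auth-int", "auth-conf"):
        a2 += ":" + "0" * 32          # hash of the empty entity body, per the RFC
    # response = HEX(KD(HEX(H(A1)), nonce:nc:cnonce:qop:HEX(H(A2)))), KD(k, s) = H(k:s)
    return _md5hex(f"{_md5hex(a1)}:{nonce}:{nc}:{cnonce}:{qop}:{_md5hex(a2.encode())}".encode())


def client_bind(username, realm, password, server_nonce, digest_uri,
                qop="auth", cnonce=None):
    """Fields the client puts on the wire in its digest-response message."""
    cnonce = cnonce or os.urandom(16).hex()   # fresh client nonce per bind
    nc = "00000001"
    return {
        "username": username, "realm": realm, "nonce": server_nonce,
        "cnonce": cnonce, "nc": nc, "qop": qop, "digest-uri": digest_uri,
        "response": digest_response(username, realm, password, server_nonce,
                                    cnonce, nc, qop, digest_uri),
    }


def server_verify(fields, stored_password):
    """Server side: recompute from its copy of the secret (DIGEST-MD5 needs the
    cleartext password or H(user:realm:pass) stored). Returns rspauth or None."""
    args = (fields["username"], fields["realm"], stored_password, fields["nonce"],
            fields["cnonce"], fields["nc"], fields["qop"], fields["digest-uri"])
    if digest_response(*args) != fields["response"]:
        return None                            # bind fails, password never seen
    return digest_response(*args, authenticate=False)
```

Only when qop is auth-int or auth-conf does the negotiated layer continue to protect the LDAP operations after the bind; with plain auth the queries that follow go in the clear, which is exactly the gap SSL/TLS closes.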