Oracle® Internet Directory Administrator's Guide 10g (9.0.4) Part Number B12118-01
Directory Security Concepts, 8 of 8
The section "Direct Authentication" introduced the use of SASL within an Oracle Internet Directory environment. This section describes more fully how SASL works. It contains these topics:
When a SASL-enabled client seeks Digest-MD5 authentication to a server, the authentication process is as follows:
Oracle Internet Directory provides SASL-external authentication over an SSL connection in which both client and server authenticate themselves to each other by providing certificates. The DN is derived from the client certificate used in the SSL network negotiation.
When a client seeks authentication to a directory server by using an external authentication mechanism such as SSL, the authentication process is as follows:
The system providing the external information may be IPsec or SSL/TLS. If the client sends an empty string as the authorization identity, then the authorization identity is derived from the client authentication credentials in the system providing external authentication, for example, the SSL certificate.
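The empty-string rule above, sketched from the server's side as an added example; it is not taken from this guide or from Oracle Internet Directory code. The function names, the `proxy_allowed` policy set, the simplified DN normalization and the sample DNs are assumptions of the example, and the `dn:` prefix follows the LDAP authorization identity syntax of RFC 4513.

```python
class ExternalAuthError(Exception):
    """Raised when the EXTERNAL exchange cannot yield an authorization identity."""

def normalize_dn(dn):
    # Simplified comparison form: lower-case, trim whitespace around each RDN.
    # Assumption: no escaped commas or multi-valued RDNs in the sample DNs.
    rdns = []
    for rdn in dn.split(","):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ExternalAuthError("malformed DN: %r" % dn)
        rdns.append(attr.strip().lower() + "=" + " ".join(value.split()).lower())
    return ",".join(rdns)

def resolve_authzid(cert_subject_dn, sasl_response, proxy_allowed=frozenset()):
    """Return the normalized DN that authorization decisions should use.

    cert_subject_dn: subject DN of the client certificate verified during the
                     SSL handshake, or None if the client presented none.
    sasl_response:   bytes the client sent as its EXTERNAL authorization identity.
    proxy_allowed:   hypothetical set of normalized DNs permitted to act as
                     another identity (policy is an assumption of this example).
    """
    if cert_subject_dn is None:
        raise ExternalAuthError("no client certificate: nothing to derive identity from")
    authn_dn = normalize_dn(cert_subject_dn)
    if sasl_response == b"":
        # Empty string: derive the authorization identity from the certificate.
        return authn_dn
    try:
        authzid = sasl_response.decode("utf-8")
    except UnicodeDecodeError:
        raise ExternalAuthError("authorization identity is not valid UTF-8")
    if not authzid.lower().startswith("dn:"):
        raise ExternalAuthError("only the dn: form is handled in this example")
    requested = normalize_dn(authzid[3:])
    # A non-empty identity is honoured only if it matches the certificate DN
    # or the certificate DN is explicitly allowed to proxy.
    if requested == authn_dn or authn_dn in proxy_allowed:
        return requested
    raise ExternalAuthError("certificate identity may not act as %r" % requested)

if __name__ == "__main__":
    cert_dn = "CN=Alice, OU=Eng, O=Example"   # constructed sample subject DN
    print(resolve_authzid(cert_dn, b""))
    print(resolve_authzid(cert_dn, b"dn:cn=alice,ou=eng,o=example"))
```

A production directory server would compare DNs with schema-aware matching rules rather than the string normalization used here.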
Copyright © 1999, 2003 Oracle Corporation. All Rights Reserved.