Simple Authentication and Security Layer - Sun OpenDS Standard Edition 2.2 Glossary of LDAP and Directory Terminology

Exit Print View
Sun OpenDS Standard Edition 2.2 Glossary of LDAP and Directory Terminology

Previous

Next

Document Information

abandon operation

abstract object class

Abstract Syntax Notation One

access control instruction (ACI)

access control rule

account expiration

account lockout

account status notification

account usability control

AND search filter

ANONYMOUS SASL mechanism

approximate index

approximate search filter

assertion value

attribute description

attribute option

attribute syntax

attribute usage

attribute value

attribute value assertion

authentication ID

authentication password syntax

authorization ID

authorization identity control

auxiliary object class

base64 encoding

Basic Encoding Rules

Berkeley DB Java Edition

cancel extended operation

certificate mapper

cn=Directory Manager

collective attribute

Common Development and Distribution License

compare operation

connection handler

CRAM-MD5 SASL mechanism

crypt algorithm

delete operation

deprecated password storage scheme

dereference policy

DIGEST-MD5 SASL mechanism

directory information tree

directory manager

directory server

directory server agent

Directory Services Markup Language

distinguished name

DIT content rule

DIT structure rule

DSA-specific entry

entry change notification control

equality search filter

extended operation

extensible match index

extensible match search filter

EXTERNAL SASL mechanism

failover algorithm

generalized time

get effective rights control

global index catalog

greater than or equal to search filter

GSSAPI SASL mechanism

id2entry database

identity mapper

idle account lockout

in-core restart

index entry limit

intermediate response

Java Management Extensions

key manager provider

last login time

lastmod plug-in

LDAP assertion control

ldapcompare tool

LDAP Data Interchange Format

ldapdelete tool

LDAP false filter

LDAP intermediate response

LDAP modify DN operation

LDAP modify operation

ldapmodify Tool

LDAP no-op control

LDAP post-read control

LDAP pre-read control

LDAP search filter

ldapsearch tool

less than or equal to search filter

lexico algorithm

Lightweight Directory Access Protocol

lookthrough limit

manage DSA IT control

matched values control

matching rule use

modification type

modify DN operation

modify operation

normalized value

notice of disconnection unsolicited notification

NOT search filter

numeric algorithm

object class type

object identifier

operational attribute

OR search filter

password expiration

password generator

Password Modify extended operation

password policy

password policy control

password storage scheme

password validator

persistent search control

PLAIN SASL mechanism

presence search filter

proportional algorithm

protocol data unit

proxied authorization control

quality of protection

QuickSetup installer

real attributes only control

referential integrity

relative distinguished name

replication repair control

request for comments

saturation algorithm

saturation alert

saturation threshold

schema checking

search attributes

search operation

search result done

search result entry

search result reference

Secure Hash Algorithm

Secure Sockets Layer

server-side sort control

simple authentication

Simple Authentication and Security Layer

simple paged results control

StartTLS extended operation

structural object class

subschema subentry

substring assertion

substring index

substring search filter

subtree delete control

supported control

supported extension

supported feature

synchronization

Transport Security Layer

trust manager provider

unbind operation

unindexed search

UNIX crypt algorithm

unsolicited notification

virtual attribute

virtual attributes only control

virtual directory

virtual list view control

virtual static group

"Who Am I?" extended operation

workflow element

writability mode

Simple Authentication and Security Layer

The Simple Authentication and Security Layer (SASL) is an extensible framework that is primarily used for authentication users, but in some cases it may also be used for protecting the underlying communication channel. The core functionality of SASL is described in RFC 4422, but a number of SASL mechanisms are described in other specifications.

The SASL mechanisms supported by the directory server include:

ANONYMOUS: This mechanism doesn't actually authenticate users to the server, but can be used to destroy a previous authentication session.
CRAM-MD5: This mechanism provides a way for users to authenticate to the server using a password in a manner that does not expose the password itself. It is similar to, but weaker than, the DIGEST-MD5 SASL mechanism, and doesn't provide any way for ensuring connection integrity or confidentiality.
DIGEST-MD5: This mechanism provides a way for users to authenticate to the server using a password in a manner that does not expose the password itself. It is similar to, but stronger than, the CRAM-MD5 SASL mechanism, and also provides a way to ensure connection integrity and/or confidentiality.
EXTERNAL: This mechanism provides a way for users to authenticate to the server using information available outside of the LDAP communication that has been performed (for example, the certificate that a client presented when performing SSL or StartTLS negotiation).
GSSAPI: This mechanism provides a way for users to authenticate to the server using a Kerberos V5 session. It also provides a mechanism that can be used to ensure connection integrity and/or confidentiality.
PLAIN: This mechanism provides a way for users to authenticate to the server with a username and password. It is similar to the protection offered by simple authentication, but may be more convenient in that users can identify themselves with a username rather than a distinguished name.

Legal Copyright 1994-2009 Sun Microsystems, Inc.

Previous

Next