  1. Directory ApacheDS
  2. DIRSERVER-641

provide a security context to org.apache.directory.server.core.authn.AbstractAuthenticator.authenticate()


Details

    • Type: New Feature
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.0-RC3
    • Fix Version/s: 2.1.0
    • Component/s: authn
    • Labels: None
    • Environment: windows and linux

    Description

      The LDAP application we are working on has high security requirements, both in terms of the "fine-grained" policies we need to be able to implement and the audit trail we must be able to provide.

      For that, we should be able to distinguish/ensure/record in our authenticate() method

      • whether the bind request was received unprotected or protected
      • if protected with SSL, what session key was negotiated (with 256+ bit AES, the client is entitled to see more than with 128 bit, let alone 40).
        These give our application strong hints whether we must consider a credential (passwords in particular) compromised or not.

      I assume this would either imply adding 1-2 more parameters to the method interface of
      LdapPrincipal org.apache.directory.server.core.authn.AbstractAuthenticator.authenticate(ServerContext ctx)
      or extending the ServerContext object correspondingly.
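
An added sketch, not ApacheDS code and not written by the reporter: one way an authenticator could turn the transport facts requested above into an entitlement tier, a "credential exposed" flag and an audit record. `BindSecurityContext`, the tier names and the 112-bit exposure threshold are hypothetical; only the JSSE cipher suite naming is real.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added sketch (Java 17). BindSecurityContext, Entitlement and the thresholds are
// hypothetical; none of this is ApacheDS API.
public class BindPolicy {
    /** Transport facts the request asks to see inside authenticate(). */
    record BindSecurityContext(boolean tlsProtected, String cipherSuite) {}

    enum Entitlement { NONE, RESTRICTED, STANDARD, FULL }

    record Decision(Entitlement entitlement, boolean credentialExposed, int keyBits) {}

    // Key size as written in JSSE suite names: ..._AES_256_..., ..._RC4_40_..., ..._DES40_...
    private static final Pattern SIZED = Pattern.compile("_(?:AES|RC4|RC2_CBC|DES|CAMELLIA)_?(\\d+)_");

    /** Effective symmetric key bits; 0 when unknown, unencrypted or unauthenticated (fail closed). */
    static int keyBits(String suite) {
        if (suite == null || suite.contains("_NULL_")) return 0;
        if (suite.contains("_anon_")) return 0;         // no server authentication, treat as unprotected
        if (suite.contains("_3DES_")) return 112;       // effective strength, not the nominal 168
        if (suite.contains("_CHACHA20_")) return 256;
        Matcher m = SIZED.matcher(suite);
        if (m.find()) return Integer.parseInt(m.group(1));
        return suite.contains("_DES_") ? 56 : 0;        // single DES carries no size in its name
    }

    static Decision decide(BindSecurityContext ctx) {
        int bits = ctx.tlsProtected() ? keyBits(ctx.cipherSuite()) : 0;
        boolean exposed = bits < 112;   // cleartext, NULL, export-grade or single DES
        Entitlement e = bits >= 256 ? Entitlement.FULL : bits >= 128 ? Entitlement.STANDARD
                      : bits > 0 ? Entitlement.RESTRICTED : Entitlement.NONE;
        return new Decision(e, exposed, bits);
    }

    public static void main(String[] args) {
        // Constructed inputs; a real server would take the suite from SSLSession.getCipherSuite().
        BindSecurityContext[] samples = {
            new BindSecurityContext(false, null),
            new BindSecurityContext(true, "SSL_RSA_EXPORT_WITH_RC4_40_MD5"),
            new BindSecurityContext(true, "TLS_RSA_WITH_AES_128_CBC_SHA"),
            new BindSecurityContext(true, "TLS_AES_256_GCM_SHA384"),
        };
        for (BindSecurityContext s : samples) {
            // Each printed line doubles as the audit-trail entry for that bind.
            System.out.println(s + " -> " + decide(s));
        }
    }
}
```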

          People

            Assignee: Unassigned
            Reporter: Ralf Hauser