Bug #3214
closed
ldapclient man page does not document tls:none setting
100%
Description
Way back when we first deployed Solaris 10 and I was configuring the LDAP naming services integration, there didn't appear to be any way to connect with an anonymous bind using SSL; the authentication options were either "none" (anonymous bind over insecure channel) or "tls:simple" (authenticated bind over encrypted channel). The necessity of authenticating in order to see the required data is completely orthogonal to the desire to validate the server and make sure the right one is actually talking to you :), so I opened a support ticket. The response was basically "we don't support that, we'll open an RFE, go away" <sigh>, and despite my attempts to get it classified as a security issue it went into limbo...
So I went to add a new authentication type "tls:none" to illumos, and to my great surprise actually found it already there, but undocumented. I made a tiny update to the ldapclient man page to include it, and am creating this issue to have an issue # to submit with it to RTI.
Updated by Rich Lowe almost 10 years ago
- Status changed from In Progress to Resolved
- % Done changed from 90 to 100
Resolved in r13831 commit:df991d875843