On Tue, 8 Jan 2002, Douglas Gray Stephens wrote:
> So given that exim does not keep the LDAP session open, then there is
> no way to decide when to switch from "sniffable" ldap to starttls
> ("unsniffable").
>
> In this case I agree that the current ldaps should be sufficient.
>
> Does (or should) exim check the credentials for the encrypted session

Probably not. It just calls the relevant LDAP function.

On Tue, 8 Jan 2002, Tabor J. Wells wrote:
> STARTTLS seems to be the way many services are going towards to implement
> SSL rather than dedicating an alternate port. I think the best thing to do
> would be to support both, so that sites which can't/don't want to run LDAP
> SSL on an alternate port could still do lookups in an encrypted fashion.

Aha! That provides me with a bit of information I had not realized.
Namely, the difference between the two is whether an alternate port is
used or not. (I should have realized. It's the same with SMTP.)
OK, I'll take a look at the starttls part of the patch.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.