3 Replies Latest reply on Apr 14, 2011 8:49 AM by Dude!

    Is SSL Mutual Authentication mode supported?

      Looking for clarification of Chapter/Section 3.1.1 from the "Oracle® Fusion Middleware Administrator's Guide for Oracle Authentication Services for Operating Systems 11g Release 1 (11.1.1)" which states:

      "3.1.1 SSL Support

      Oracle Internet Directory can be configured for SSL-no authentication, SSL-server authentication and SSL-mutual authentication modes. In all three modes, the data is encrypted during transmission. Oracle Internet Directory comes pre-configured with the SSL-no authentication mode. However, some clients such as the PAM_LDAP clients used for Linux user authentication do not support this mode and only support SSL-server authentication mode."

      This statement readily covers NON-SSL, SSL-NoAuth, and SSL-Server authentication modes; however, the answer to the question of mutual authentication is ambiguous.

      The wording seems to indicate some PAMs may not support Mutual Auth and only support NON-SSL and SSL-Server Auth. Is there any reason why Mutual SSL Authentication would be an issue? I expect, if not, that we would have to manually update the keystores, as the scripts seem to only configure NON-SSL, SSL-No Auth, and SSL-Server Auth. I'm guessing Mutual Auth would require us to use a service account?

      Eddie Souders