This discussion is archived
3 Replies Latest reply: Apr 14, 2011 1:49 AM by Dude!

Is SSL Mutual Authentication mode supported?

user714655 Newbie
Folks,
Looking for clarification of Chapter/Section 3.1.1 from the "Oracle® Fusion Middleware Administrator's Guide for Oracle Authentication Services for Operating Systems 11g Release 1 (11.1.1)" which states:

"3.1.1 SSL Support

Oracle Internet Directory can be configured for SSL-no authentication, SSL-server authentication and SSL-mutual authentication modes. In all three modes, the data is encrypted during transmission. Oracle Internet Directory comes pre-configured with the SSL-no authentication mode. However, some clients such as the PAM_LDAP clients used for Linux user authentication do not support this mode and only support SSL-server authentication mode."

This statement readily covers NON-SSL, SSL-NoAuth, and SSL-Server authentication modes; however, the answer to the question of mutual authentication is ambiguous.

The wording seems to indicate some PAMs may not support Mutual Auth and only support NON-SSL and SSL-Server Auth. Is there any reason why Mutual SSL Authentication would be an issue? I expect if not that we would have to manually update the keystores as the scripts seem to only configure NON-SSL, SSL-No Auth, and SSL-Server Auth. I'm guessing Mutual Auth would require us to use a service account?

Eddie Souders
