Mutual authentication is a security feature in which a client process must prove its identity to a service, and the service must prove its identity to the client, before any application traffic is transmitted over the client/service connection. Perhaps some PAM_LDAP clients do not have support for this and PAM and External Authentication are mutually exclusive.
Edited by: Dude on Apr 13, 2011 4:14 AM
Understanding that we'd have to manually update the keystore to include the 'client' certificate, and accepting that the certificate would need to be based on the hostname, are you aware of any PAMs which would have this limitation?
My experience and knowledge in this area is limited, but perhaps you will find the following article interesting, in particular regarding the SASL mechanism outlined at the end: http://download.oracle.com/javase/jndi/tutorial/ldap/security/sasl.html