|
Performing Pass-Through Authentication. We do not discard the traditional
authentication and access control methods that computer networks already support.
Unless configured for anonymous authentication (also called anonymous bind), the
destination LDAP server will expect a client to authenticate prior to data retrieval.
Some Virtual Directory implementations allow a static username and password to be
used for every transaction, but this defeats the purpose of fine-grained access
control. Rather, we pass the original client credentials, the username obtained
from the AS and the password provided by the client, to perform an initial bind
prior to data retrieval. If this bind is not successful, then no data transmission
occurs between the virtual directory and the client.
|
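The bind-before-retrieval rule described above, as an added example that is not code from the original text: `FakeDirectory` is a constructed in-memory stand-in for the destination LDAP server, and every class name, DN, password and entry is an assumption. It also covers the empty-password case, where a simple bind with an empty password is an unauthenticated bind (RFC 4513, section 5.1.2) that some servers accept.

```python
import hmac

class FakeDirectory:
    """Constructed stand-in for the destination LDAP server (hypothetical)."""
    def __init__(self, passwords, acl, entries):
        self._passwords, self._acl, self._entries = passwords, acl, entries

    def simple_bind(self, dn, password):
        """Return the identity the connection is bound as, or None on failure."""
        if password == "":
            return "anonymous"  # unauthenticated bind: accepted, but not as dn
        expected = self._passwords.get(dn)
        if expected and hmac.compare_digest(expected.encode(), password.encode()):
            return dn
        return None

    def search(self, bound_as, entry_dn):
        # Access control is evaluated against the bound identity.
        if entry_dn in self._acl.get(bound_as, ()):
            return self._entries[entry_dn]
        return None

class PassThroughProxy:
    """Virtual directory front end: bind as the client, then retrieve."""
    def __init__(self, backend):
        self._backend = backend  # no static service credentials are stored

    def fetch(self, client_dn, client_password, entry_dn):
        # Refuse empty credentials here, so an unauthenticated bind is never
        # mistaken for a successful authentication of client_dn.
        if not client_dn or not client_password:
            return None
        bound_as = self._backend.simple_bind(client_dn, client_password)
        if bound_as != client_dn:
            return None  # bind failed: nothing is sent back to the client
        return self._backend.search(bound_as, entry_dn)

# Constructed sample data.
ALICE = "uid=alice,dc=example,dc=org"
BOB = "uid=bob,dc=example,dc=org"
PAYROLL = "cn=payroll,dc=example,dc=org"
DIRECTORY = FakeDirectory(
    passwords={ALICE: "correct horse", BOB: "battery staple"},
    acl={ALICE: {PAYROLL}, BOB: set(), "anonymous": set()},
    entries={PAYROLL: {"description": ["constructed sample entry"]}},
)
PROXY = PassThroughProxy(DIRECTORY)
```

Because the backend sees each client's own identity, its access control list still decides what is returned; a static service account would give every client the same view.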