Selecting Appropriate Authentication Methods

162 Red Hat Directory Server Deployment Guide • May 2005

For more information about certificates and SSL, see Managing Servers with Red Hat Console.

Simple Password over TLS

When a secure connection is established between Directory Server and a client application using SSL or the Start TLS operation, the server can demand an extra level of authentication by requesting a password. In such cases, the password is not passed in the clear over the wire.

For more information about SSL, refer to “Securing Connections with SSL and Start TLS,” on page 185. For information about the Start TLS operation, refer to the Red Hat Directory Server Administrator’s Guide.

Proxy Authentication

Proxy authentication is a special form of authentication because the user requesting access to the directory does not bind with its own DN but with a proxy DN.

The proxy DN is an entity that has appropriate rights to perform the operation requested by the user. When you grant proxy rights to a person or an application, you grant the right to specify any DN as a proxy DN with the exception of the Directory Manager DN.

One of the main advantages of proxy rights is that you can enable an LDAP application to use a single thread with a single bind to service multiple users making requests against the Directory Server. Instead of having to bind and authenticate for each user, the client application binds to the Directory Server using a proxy DN.

The proxy DN is specified in the LDAP operation submitted by the client application. For example:

    % ldapmodify -D "cn=manager" -w secretpwd -y "cn=joe,dc=example,dc=com" -b "example.com" -f mods.ldif

This ldapmodify command gives the manager entry (cn=manager) the permissions of a user named Joe (cn=joe) to apply the modifications in the mods.ldif file. The manager does not need to provide Joe’s password for making this change.
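The following is an added example, not taken from the Red Hat guide: it builds the RFC 4370 Proxied Authorization control that a proxy-enabled application would attach to each operation on its single bound connection, and refuses the Directory Manager DN before anything is sent. The guide does not say which control the -y option sends; the use of RFC 4370, the root DN value "cn=Directory Manager", the simplified DN normalization and the second sample user are assumptions.

```python
# Added example: per-request Proxied Authorization control (RFC 4370).
PROXY_AUTHZ_OID = "2.16.840.1.113730.3.4.18"   # RFC 4370 control type
DIRECTORY_MANAGER_DN = "cn=Directory Manager"  # assumed root DN; set to your deployment's value


def normalize_dn(dn: str) -> str:
    """Comparison form: lower-case, no spaces around ',' or '='.
    Assumption: no escaped commas and no multi-valued RDNs in the input."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)


def ber_tlv(tag: int, payload: bytes) -> bytes:
    """Encode one BER tag-length-value element with a definite length."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])                      # short form
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw  # long form
    return bytes([tag]) + length + payload


def proxy_authz_control(proxy_dn: str) -> bytes:
    """BER-encoded Control asking the server to evaluate the operation as proxy_dn."""
    # Client-side early rejection; the server enforces the same exception.
    if normalize_dn(proxy_dn) == normalize_dn(DIRECTORY_MANAGER_DN):
        raise ValueError("Directory Manager DN cannot be used as a proxy DN")
    body = (
        ber_tlv(0x04, PROXY_AUTHZ_OID.encode("ascii"))       # controlType
        + ber_tlv(0x01, b"\xff")                             # criticality TRUE (required)
        + ber_tlv(0x04, b"dn:" + proxy_dn.encode("utf-8"))   # controlValue: authzId
    )
    return ber_tlv(0x30, body)                               # Control ::= SEQUENCE


# Constructed sample: one bind as cn=manager, one control per end user served.
USERS = ["cn=joe,dc=example,dc=com", "cn=ann,dc=example,dc=com"]
CONTROLS = {dn: proxy_authz_control(dn) for dn in USERS}
```

Because the application can name almost any DN, the value passed to proxy_authz_control should come from the application's own authenticated session state, never from a request parameter.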