DXmanager lets you define how much each DSA should trust another. By default, security is tight. The settings let you selectively relax security between DSAs.
In a distributed network of DSAs, users can bind to one DSA when their entries are held on a second DSA. When the initial bind is made, the DSA can forward the password compare check to a second DSA if certain authentication parameters are set.
To allow users to bind to a local DSA when their details are held on a remote DSA, the Allow check password value must be set to true in DXmanager. This is set to true by default.
When a bind is requested, the local DSA forwards a Password Compare request to the remote DSA. If this returns a Compare Confirm with the assertion true, the local DSA returns a Bind Confirm message to the user.
A request can include a chaining-prohibited control. CA Directory ignores this control.
Copyright © 2009 CA. All rights reserved. | Email CA about this topic |