Traffic on any link is generally carried at the same security level.
If the initial bind was made using a strong SSL certificate-based connection then communication between DSAs occurs at the SSL security level. Alternatively, if the initial bind was made using no authentication, then all communication would occur at the same level.
SSL authentication is carried on an SSL bind
Simple authentication is carried on a clear-password bind
Anonymous authentication is carried on an anonymous bind
The following diagram illustrates this:
This presents two potential issues:
No compatible link type.
To overcome these potential issues, you can either change the authentication levels so that a compatible link can be established, or upgrade or downgrade the trust levels between distributed DSAs.
A link is upgraded if a DSA uses a higher level of authentication to forward a clients request to another DSA that is higher than the authentication level used by the client to bind to the DSA.
Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |