
Re: (ITS#5195) ssf not available during sasl bind



--On Monday, October 29, 2007 11:45 PM +0000 russell-openldap@stuart.id.au 
wrote:

> On Mon, 2007-10-29 at 18:07 +0100, Hallvard B Furuseth wrote:
>> No, you've forced users who authenticate against userPassword
>> to be encrypted.  Not all SASL methods, nor auth with rootpw.
>
> That's a worry.  Rootpw aside, the intended objective of
> the ACL was to ensure passwords were never sent in the
> clear.  Either a protocol like CRAM-MD5 was used, or the
> entire link is encrypted.  Does it not do that?  (Actually
> it doesn't.  It should have been sasl_ssf=71.  But bugs
> aside ...)
>
> Secondly, just out of curiosity, are there SASL methods
> that check a shared secret of some kind and don't use
> userPassword?  What are they?

GSSAPI



--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration