[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6249) Feature request: Password Modify ext. op. and anonymous LDAP connection

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6249) Feature request: Password Modify ext. op. and anonymous LDAP connection
From: michael@stroeder.com
Date: Tue, 11 Aug 2009 19:47:33 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

hyc@symas.com wrote:
> michael@stroeder.com wrote:
>> Full_Name: Michael Ströder
>> Version: HEAD
>> OS:
>> URL:
>> Submission from: (NULL) (84.163.50.194)
>>
>> I'd like to request that a Password Modify ext. op. request should succeed on a
>> LDAP connection as anonymous if the LDAP client provides the correct old
>> password.
>>
>> E.g. OpenDS implements it like this and it makes sense to me regarding a user
>> setting a new password in case of an expired password.
> 
> Adding this feature would open up the pwdModify exop as a mechanism for 
> password guessing attacks.

There could be still the bad password counter in effect just like when
processing bind requests.

Ciao, Michael.

Prev by Date: Re: (ITS#6250) Password modify ext.op. - automagically add simpleSecurityObject
Next by Date: Re: (ITS#6250) Password modify ext.op. - automagically add simpleSecurityObject
Index(es):
- Chronological
- Thread