[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: SASL LDAP plugin

To: "Howard Chu" <hyc@highlandsun.com>
Subject: RE: SASL LDAP plugin
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 13 Jun 2002 16:41:15 -0700
Cc: <lukeh@PADL.COM>, <openldap-devel@OpenLDAP.org>
In-reply-to: <NMEFLNHODBAOPDKNNJALIEMJDAAA.hyc@highlandsun.com>
References: <200206132316.JAA40269@au.padl.com>

At 04:35 PM 2002-06-13, Howard Chu wrote:
>> -----Original Message-----
>> From: Luke Howard [mailto:lukeh@PADL.COM]
>
>> Actually, what I said isn't relevant, as you're interested in retrieving
>> secrets, not proxying the entire SASL bind, right?
>
>Right. Proxying the bind itself is a possibility, but that means e.g.
>providing an LDAP-specific implementation of the CRAM-MD5 or DIGEST-MD5 SASL
>plugins. Way too messy.

You cannot proxy DIGEST-MD5... it has server-in-the-middle protection*.

* at least in theory... IIRC, it's not implemented.

Kurt

References:
- RE: SASL LDAP plugin
  - From: Luke Howard <lukeh@PADL.COM>
- RE: SASL LDAP plugin
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: RE: SASL LDAP plugin
Next by Date: RE: SASL LDAP plugin
Index(es):
- Chronological
- Thread