[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authentication

To: Daniel Tiefnig <daniel.tiefnig@infonova.at>
Subject: Re: Authentication
From: Devdas Bhagat <devdas@worldgatein.net>
Date: Thu, 2 Aug 2001 20:21:41 +0530
Cc: openldap-software@OpenLDAP.org
In-reply-to: <9kbe7s$7a0$1@qmail.infonova.at>
References: <01080216020003.01063@office.interoffice> <9kbe7s$7a0$1@qmail.infonova.at>

On Thu, 02 Aug 2001, Daniel Tiefnig spewed into the ether:
<snip>
Thanks for the comments, I need to use the C API though.
> > Is this workable, or would storing user passwords encrypted in LDAP
> > and having each application verify them individually be better?
> 
> your storing userpasswords in LDAP anyway, i think. which solution is better
> depends on the usecase, i'd say. opening multiple connections allows you to
> benefit from a multithreaded LDAP e.g.
Nope, passwords go into sasldb. My point is that I have multiple
applications which need to access this data. Having to change lots of
applications to handle such changes isn't fun, particulary when the
changes might not be rolled back into the main distro.
I would prefer not to allow anonymous binds at all, personally. Also
being a lazy sysadmin, I prefer to code less ;). If openldap can handle
the password checking for me, it should.

Repeated checks so that a single SSL session can be reused.

Devdas Bhagat
--
A little suffering is good for the soul.
		-- Kirk, "The Corbomite Maneuver", stardate 1514.0

References:
- Authentication
  - From: Devdas Bhagat <devdas@worldgatein.net>
- Re: Authentication
  - From: Daniel Tiefnig <openldap@qmail.infonova.at>

Prev by Date: Re: compiling --with-tls
Next by Date: Problems in subjecting openldap to load test...
Index(es):
- Chronological
- Thread