[Date Prev][Date Next] [Chronological] [Thread] [Top]

Clarification of "authentication"

To: <ietf-ldapbis@OpenLDAP.org>
Subject: Clarification of "authentication"
From: "Jim Sermersheim" <jimse@novell.com>
Date: Thu, 16 Nov 2000 11:14:19 -0700
Content-disposition: inline

I'm not sure why the word "authentication" is in the following sentence from section 4.2.2 of RFC 2251. Does it mean that you could supply a simple password, but it's somehow associated with authentication secrets that have been negotiated securely at a lower layer, thus rendering the transmission of the cleartext password useless to others?

"Note that the use of cleartext passwords is not recommended over open networks when there is no authentication or encryption being performed by a lower layer; see the "Security Considerations" section."

Follow-Ups:
- Re: Clarification of "authentication"
  - From: Mark Smith <mcs@netscape.com>

Prev by Date: When to not deref aliases
Next by Date: derefInSearching
Index(es):
- Chronological
- Thread