Re: Schema: encrypted 8-bit userPassword and SASLprep



Jim Sermersheim writes:
><Michael>
>> Note that hashed passwords are non-standard anyway... ;-)
> 
><Halvard>
>> No, they are irrelevant to the standard:
> 
> Halvard, if you are still talking about userPassword, see Section 2.41
> in
> http://ietf.org/internet-drafts/draft-ietf-ldapbis-user-schema-06.txt:
> "Passwords are stored using an Octet String syntax and are not
> encrypted. "

Oh my.  I didn't notice that.  Or maybe I did, but just didn't believe
what I saw :-)

Please, could we remove this requirement?  This means people can't bind
to LDAP with their Unix or Windows passwords.  Our security people would
never allow us to run an LDAP server conforming to this requirement, and
I doubt they are alone in that.

-- 
Hallvard