[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: comments to draft-ietf-ldapbis-authmeth-04.txt

To: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Subject: Re: comments to draft-ietf-ldapbis-authmeth-04.txt
From: Alexey Melnikov <Alexey.Melnikov@isode.com>
Date: Tue, 16 Sep 2003 21:10:01 +0100
Cc: Roger Harrison <roger_harrison@novell.com>, ietf-ldapbis@OpenLDAP.org
In-reply-to: <HBF.20030911ld6d@bombur.uio.no>
References: <HBF.20021117qbg0@bombur.uio.no> <HBF.20030911ld6d@bombur.uio.no>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

Hallvard B Furuseth wrote:

I'm still wondering about SASL/DIGEST-MD5...

In an old private mail to Roger Harrison, I wrote:

[Under Security Considerations in Authmeth,]
Please mention (...) which mechanisms that are standardized by the LDAP standard do/do not disclose the user's password to the server?


Another thing which would be interesting to list is which methods
need/don't need the server to know the user's plaintext password.
(I say 'know' instead of 'store' because it could still store the
password encrypted, but in a way which it knows how to decrypt.)

The best, of course, should be a method which does not require the
server to know the password and does not disclose the password to the
user.  According to rfc2831 SASL/DIGEST-MD5 is such a mechanism, yet
Section 3.9 "Storing passwords" says:

  if this password file is compromised, then an attacker gains
  immediate access to documents on the server using this realm.

I don't see what 'files' means in LDAP context.

password storage.

 Does this mean that
if our system encrypts passwords and throws away the unencrypted ones,

I assumed below that you meant hashing, not encrypting here. Encryption is reversible.

we can't use SASL/DIGEST-MD5 since we must to know the plaintext
passwords and re-encrypt them if the password file is stolen?

You either store hash of username-value, realm-value, and passwd or you store a cleartext password (or encrypted version of it). If you use different hashing and store only hashes, you can't use DIGEST-MD5.

The phrase

  if this password file is compromised, then an attacker gains
  immediate access to documents on the server using this realm.

means that if you store DIGEST-MD5 hashes and they are stolen, this allows the person who stole them to access your LDAP server. However, imagine that you've stored a hash username:realm1:password on a compromised server A.
If another LDAP server B has an account for the same user "username" with the same password "password", but different realm, the hash from the compromised server is not good on the LDAP server B.

If not - Section 3.9 says the stored passwords will be a hash of username-value, realm-value, and passwd, and that the realm should include the name of the host doing the authentication. Will 'ldap.uio.no' do for host here, where that will be the DNS name of _several_ hosts?

It will, but you risk that a compromise of a server from the list will mean compromise on all of them (assuming they share users).

Have I answered your questions?

Alexey

Follow-Ups:
- Re: comments to draft-ietf-ldapbis-authmeth-04.txt
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

References:
- Re: comments to draft-ietf-ldapbis-authmeth-04.txt
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: Re: Schema nitpicks
Next by Date: Re: Protocol: Ignore SEQUENCE elements...
Index(es):
- Chronological
- Thread