[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: comments to draft-ietf-ldapbis-authmeth-04.txt

To: Alexey Melnikov <Alexey.Melnikov@isode.com>
Subject: Re: comments to draft-ietf-ldapbis-authmeth-04.txt
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Tue, 23 Sep 2003 15:14:52 +0200
Cc: Roger Harrison <roger_harrison@novell.com>, ietf-ldapbis@OpenLDAP.org
In-reply-to: <3F676E19.1020707@isode.com>
References: <HBF.20021117qbg0@bombur.uio.no> <HBF.20030911ld6d@bombur.uio.no> <3F676E19.1020707@isode.com>

Alexey Melnikov writes:
>Hallvard B Furuseth wrote:
> 
>>Section 3.9 "Storing passwords" says:
>>
>>   if this password file is compromised, then an attacker gains
>>   immediate access to documents on the server using this realm.
>>
>>I don't see what 'files' means in LDAP context.
>
> password storage.

Sorry, I meant 'documents on the server', not 'files'.  'files' was from
my private notes, with some misquoting...

That is, does this mean that one can authenticate as any in the password
file if the password file is compromised?

>>Does this mean that
>>if our system encrypts passwords and throws away the unencrypted ones,
>>
> I assumed below that you meant hashing, not encrypting here. Encryption 
> is reversible.

Yes.

> Have I answered your questions?

Not quite, I must chew on this a bit...

-- 
Hallvard

Follow-Ups:
- Re: comments to draft-ietf-ldapbis-authmeth-04.txt
  - From: Alexey Melnikov <Alexey.Melnikov@isode.com>

References:
- Re: comments to draft-ietf-ldapbis-authmeth-04.txt
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: comments to draft-ietf-ldapbis-authmeth-04.txt
  - From: Alexey Melnikov <Alexey.Melnikov@isode.com>

Prev by Date: WG Last Call: draft-ietf-ldapbis-protocol-17.txt [corrected]
Next by Date: Re: Schema: encrypted 8-bit userPassword and SASLprep
Index(es):
- Chronological
- Thread