passwords in the clear
The recent IMAP revision spec used to allow the LOGIN command (equivalent to
simple bind) without requiring a security layer and this was rejected by the
In RFC 3501, we developed compromise text that addressed the IESG's desire to
strongly deprecate passwords in the clear, while still allowing legacy
implementations. Recasting that text in LDAP terms looks roughly like this:
Use of simple bind sends passwords in the clear. This can be
avoided by using SASL bind [SASL] with a mechanism
that does not use plaintext passwords, or by first negotiating
encryption via STARTTLS or some other protection mechanism.
A server implementation MUST implement a configuration that, at the
time of authentication, requires:
  (1) A STARTTLS encryption layer has been successfully negotiated.
  (2) Some other mechanism that protects the session from password
      snooping has been provided.
  (3) The following measures are in place:
      (a) The simple bind operation returns an error even if the
          password is correct.
      (b) The SASL bind operation returns an error with all [SASL]
          mechanisms that use plaintext passwords, even if the password
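As an added illustration, not part of this message or of any LDAP server, here is the configuration in (1)-(3) written as a server-side bind decision in Python. The result codes are the RFC 4511 values; the set of plaintext SASL mechanisms, the Session/BindRequest types and the credential verifier are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Callable

# LDAP resultCode values from RFC 4511.
SUCCESS = 0
CONFIDENTIALITY_REQUIRED = 13
INVALID_CREDENTIALS = 49

# SASL mechanisms that carry the password itself on the wire. The set is an
# assumption for this example; a real server would ask its SASL library.
PLAINTEXT_SASL_MECHS = {"PLAIN", "LOGIN"}

@dataclass
class Session:
    tls_negotiated: bool = False    # (1) a STARTTLS layer has been negotiated
    other_protection: bool = False  # (2) some other snooping protection

@dataclass
class BindRequest:
    kind: str            # "simple" or "sasl"
    mechanism: str = ""  # SASL mechanism name when kind == "sasl"
    password: str = ""

def bind_result(session: Session, req: BindRequest,
                verify: Callable[[BindRequest], bool],
                require_protection: bool = True) -> int:
    """Decide the result of a bind. Rules (3a)/(3b) are evaluated before the
    credential check, so a correct password never changes the answer on an
    unprotected session."""
    protected = session.tls_negotiated or session.other_protection
    if require_protection and not protected:
        if req.kind == "simple":
            return CONFIDENTIALITY_REQUIRED  # (3a)
        if req.kind == "sasl" and req.mechanism.upper() in PLAINTEXT_SASL_MECHS:
            return CONFIDENTIALITY_REQUIRED  # (3b)
    # Only now is the credential examined.
    return SUCCESS if verify(req) else INVALID_CREDENTIALS

def demo() -> list:
    """Constructed scenarios; the verifier accepts only the password 'correct'
    and treats any non-plaintext SASL exchange as succeeding."""
    def check(r: BindRequest) -> bool:
        if r.kind == "sasl" and r.mechanism.upper() not in PLAINTEXT_SASL_MECHS:
            return True
        return r.password == "correct"
    clear, tls = Session(), Session(tls_negotiated=True)
    return [
        bind_result(clear, BindRequest("simple", password="correct"), check),  # 13
        bind_result(tls, BindRequest("simple", password="correct"), check),    # 0
        bind_result(clear, BindRequest("sasl", "PLAIN", "correct"), check),    # 13
        bind_result(clear, BindRequest("sasl", "DIGEST-MD5"), check),          # 0
        bind_result(tls, BindRequest("simple", password="wrong"), check),      # 49
    ]
```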