[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: passwords in the clear

To: Chris Newman <Chris.Newman@Sun.COM>
Subject: Re: passwords in the clear
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Wed, 12 Nov 2003 15:17:55 +0100
Cc: ietf-ldapbis@OpenLDAP.org
In-reply-to: <2147483647.1068558950@dyn132-212.ietf58.ietf.org>
References: <2147483647.1068558950@dyn132-212.ietf58.ietf.org>

Chris,

authmeth 7.1 (Simple Authentication) says:

   LDAP implementations SHOULD NOT support authentication 
   with the "simple" authentication choice unless the data on the 
   connection is protected using TLS or other data confidentiality and 
   data integrity protection. 

Are you saying this is insufficient?  How about just adding '...and
servers MUST support a configuration which rejects "simple"
authentication unless such protection is in place.'

Or maybe that should be 'MUST by default reject...'.

-- 
Hallvard

Follow-Ups:
- Re: passwords in the clear
  - From: Chris Newman <Chris.Newman@Sun.COM>

References:
- passwords in the clear
  - From: Chris Newman <Chris.Newman@Sun.COM>

Prev by Date: unauthenticated bind
Next by Date: Re: unauthenticated bind
Index(es):
- Chronological
- Thread