[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: unauthenticated bind

To: "Jim Sermersheim" <jimse@novell.com>
Subject: Re: unauthenticated bind
From: "Mark Smith" <markcsmithwork@aol.com>
Date: Wed, 12 Nov 2003 12:00:31 -0500
Cc: ietf-ldapbis@OpenLDAP.org
In-reply-to: <sfb1ef05.086@prv-mail20.provo.novell.com>
Organization: America Online, Inc.
References: <sfb1ef05.086@prv-mail20.provo.novell.com>

Jim Sermersheim wrote on 11/12/2003, 10:27 AM:

Disallowing them completely may break some current client and server implementations. I remember some people (maybe Mark Smith) from Netscape saying that they use the mechanism as some way of voluntary auditing or some such.

Yes, people do use it that way... I am not saying this is a great LDAP feature from a security point of view though.

I prefer the compromise solution brought up in yesterday's meeting where part of the note is moved into the main body of the document with a pointer to the security considerations which contains the reasons why.

That sounds OK although I'll have to see the exact proposal.

-Mark

References:
- Re: unauthenticated bind
  - From: "Jim Sermersheim" <jimse@novell.com>

Prev by Date: Re: Protocol: referrals and other URIs
Next by Date: Re: Textual/non-textual passwords and SASLprep
Index(es):
- Chronological
- Thread