Re: passwords in the clear
John McMeeking writes:
> It seems like changing passwords in the clear would present similar issues.
> If someone can snoop for bind requests, it wouldn't seem much harder to
> also snoop for password change operations (password modify extended op,
> modify of userPassword, etc.).
> 
> Do we want to consider extending this to cover that?

Sounds good to me.  I don't think it can be made a MUST, though:
If there are any LDAP servers left that merely forward requests to other
servers, e.g. X.500 servers, then the LDAP server might not know that a
particular attribute type contains passwords.  So it can't return
confidentialityRequired if the user tries to modify that password using
cleartext.  Of course, the X.500 server might return
confidentialityRequired, or whatever that is in X.500 speak, anyway.

> Chris Newman wrote:
>    (...)
>    Use of simple bind sends passwords in the clear.  This can be
>    avoided by using SASL bind [SASL] with a mechanism
>    that does not use plaintext passwords, by first negotiating
>    encryption via STARTTLS or some other protection mechanism.
>    (...)

-- 
Hallvard
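The point of the exchange above is which LDAP operations expose a password on an unencrypted session (simple bind, the password modify extended operation, a modify of userPassword) and when a server is in a position to refuse them with confidentialityRequired. The following is an added example, not code from the thread or from any LDAP implementation: a minimal BER decoder that classifies LDAP requests and a policy function that models the server decision. The sample messages are constructed here; the session security state is modelled as a plain boolean (true once STARTTLS, LDAPS or a SASL confidentiality layer is in place); and `PASSWORD_ATTRS` is an assumed list of attribute types the server treats as password-bearing. Passing an empty set for that parameter reproduces Hallvard's forwarding-server case, where the server cannot know that a modified attribute holds a password.

```python
"""Classify LDAP requests that carry cleartext credentials and decide whether
a server should answer confidentialityRequired.  Added example; BER layout
follows RFC 4511 (LDAP) and RFC 3062 (password modify extended operation).
All sample messages are constructed in this file."""

CONFIDENTIALITY_REQUIRED = 13                       # LDAP resultCode, RFC 4511
PASSWORD_MODIFY_OID = b"1.3.6.1.4.1.4203.1.11.1"    # RFC 3062 requestName
PASSWORD_ATTRS = {"userpassword"}                   # assumed password-bearing attrs


# --- minimal BER TLV helpers (definite length, short and long form) ---------
def tlv(tag, content):
    """Encode one BER TLV."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def read_tlv(buf, pos=0):
    """Decode one TLV at pos; return (tag, content, position after it)."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                                    # long-form length
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + n], pos + n


def children(content):
    """Yield (tag, content) for every TLV inside a constructed value."""
    pos = 0
    while pos < len(content):
        tag, value, pos = read_tlv(content, pos)
        yield tag, value


# --- request classification --------------------------------------------------
def classify_request(msg):
    """Return (operation, modified_attribute_types) for one LDAPMessage.

    operation is one of simpleBind, anonymousBind, saslBind, modify,
    passwordModify or other.  The attribute set is only filled for modify."""
    _, body, _ = read_tlv(msg)                      # outer LDAPMessage SEQUENCE
    parts = list(children(body))                    # [messageID, protocolOp, ...]
    tag, op = parts[1]
    if tag == 0x60:                                 # BindRequest [APPLICATION 0]
        auth_tag, auth = list(children(op))[2]      # version, name, authentication
        if auth_tag == 0x80:                        # simple [0] OCTET STRING
            return ("simpleBind" if auth else "anonymousBind"), set()
        return "saslBind", set()                    # sasl [3]: mechanism decides
    if tag == 0x66:                                 # ModifyRequest [APPLICATION 6]
        _, changes = list(children(op))[1]          # object, changes
        attrs = set()
        for _, change in children(changes):         # SEQUENCE {operation, modification}
            _, partial = list(children(change))[1]
            attr_type = list(children(partial))[0][1]   # PartialAttribute.type
            attrs.add(attr_type.decode().lower())
        return "modify", attrs
    if tag == 0x77:                                 # ExtendedRequest [APPLICATION 23]
        if list(children(op))[0][1] == PASSWORD_MODIFY_OID:   # requestName [0]
            return "passwordModify", set()
    return "other", set()


def server_response(msg, session_encrypted, known_password_attrs=PASSWORD_ATTRS):
    """Return CONFIDENTIALITY_REQUIRED when msg would expose a password on a
    cleartext session and the server can tell, otherwise None.

    known_password_attrs models what the server knows about attribute
    semantics; a pure forwarding server may know nothing (empty set)."""
    if session_encrypted:
        return None
    op, attrs = classify_request(msg)
    if op in ("simpleBind", "passwordModify"):
        return CONFIDENTIALITY_REQUIRED
    if op == "modify" and attrs & known_password_attrs:
        return CONFIDENTIALITY_REQUIRED
    return None


# --- constructed sample messages ---------------------------------------------
def ldap_message(msg_id, protocol_op):
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + protocol_op)


def simple_bind(dn, password):
    return ldap_message(1, tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, dn) + tlv(0x80, password)))


def sasl_bind(mechanism, credentials):
    creds = tlv(0xA3, tlv(0x04, mechanism) + tlv(0x04, credentials))   # sasl [3]
    return ldap_message(2, tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, b"") + creds))


def modify_replace(dn, attr, value):
    partial = tlv(0x30, tlv(0x04, attr) + tlv(0x31, tlv(0x04, value)))  # type, vals SET
    change = tlv(0x30, tlv(0x0A, b"\x02") + partial)                    # replace (2)
    return ldap_message(3, tlv(0x66, tlv(0x04, dn) + tlv(0x30, change)))


def password_modify(request_value):
    return ldap_message(4, tlv(0x77, tlv(0x80, PASSWORD_MODIFY_OID) + tlv(0x81, request_value)))


if __name__ == "__main__":
    dn = b"cn=admin,dc=example,dc=com"              # constructed sample DN
    for label, m in [("simple bind", simple_bind(dn, b"hunter2")),
                     ("sasl bind", sasl_bind(b"DIGEST-MD5", b"")),
                     ("modify userPassword", modify_replace(dn, b"userPassword", b"newpw")),
                     ("password modify ext op", password_modify(b""))]:
        print(label, classify_request(m)[0], server_response(m, False), server_response(m, True))
```

The classifier only looks at the protocol operation and, for modify, at the attribute types; the values themselves are never inspected or logged, which is the right posture for detection code that will see real credentials on the wire.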