
authmeth: SASL/PLAIN



[Authmeth] says:

> 9. SASL Protocol Profile

>    As LDAP
>    includes native anonymous and simple (plain text) authentication
>    methods, the ANONYMOUS [ANONYMOUS] and PLAIN [PLAIN] SASL mechanisms
>    are typically not used with LDAP.

Actually, PLAIN might be the most "natural" way to authenticate with a
non-DN and password, if DIGEST-MD5 is not appropriate.  The other way
would be to turn the ID into a DN which does not exist in the directory
and have the server extract the ID from the DN, e.g. "uid=foo,cn=users".
They differ in some ways, e.g. PLAIN is easier if the user name must
be matched in a way we have no LDAP matching rule for, and Simple Bind
allows non-Unicode passwords.

Is this worth mentioning in the draft, and perhaps to RECOMMEND one over
the other?

-- 
Hallvard
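
Added example, not part of the original message or of the draft: a server-side sketch of the two options compared above, parsing a SASL PLAIN message ([authzid] NUL authcid NUL passwd, UTF-8, as specified in RFC 4616) versus pulling the ID out of a pseudo-DN sent in a Simple Bind. The function names, the CredentialError class and the simplified DN handling are assumptions for illustration; the "cn=users" suffix is the one from the message.

```python
PSEUDO_SUFFIX = "cn=users"  # pseudo-DN suffix taken from the message's example

# Constructed sample: a Latin-1 encoded password; byte 0xE5 is not valid UTF-8 here.
LATIN1_PASSWORD = "påss".encode("latin-1")


class CredentialError(ValueError):
    """Hypothetical error type for rejected bind credentials."""


def parse_sasl_plain(msg: bytes):
    """Split a SASL PLAIN message: [authzid] NUL authcid NUL passwd (all UTF-8)."""
    parts = msg.split(b"\x00")
    if len(parts) != 3:
        raise CredentialError("PLAIN needs exactly two NUL separators")
    try:
        authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    except UnicodeDecodeError as exc:
        raise CredentialError("PLAIN fields must be UTF-8") from exc
    if not authcid or not passwd:
        raise CredentialError("empty authcid or passwd")
    # The ID is an opaque string here; the server may match it however it likes.
    return authzid or None, authcid, passwd


def parse_simple_bind(dn: str, password: bytes):
    """Extract the user ID from a pseudo-DN such as 'uid=foo,cn=users'.

    The password stays an opaque octet string, so non-Unicode bytes pass.
    Simplified DN handling (assumption): no escaped commas, no multi-valued RDNs.
    """
    rdn, sep, suffix = dn.partition(",")
    if not sep or suffix.strip().lower() != PSEUDO_SUFFIX:
        raise CredentialError("not under the pseudo-DN suffix")
    attr, eq, value = rdn.partition("=")
    if attr.strip().lower() != "uid" or not eq or not value:
        raise CredentialError("expected uid=<id> as the first RDN")
    if not password:
        # A DN with an empty password is an unauthenticated bind, not a login.
        raise CredentialError("empty password")
    return value, password


if __name__ == "__main__":
    print(parse_sasl_plain(b"\x00foo\x00s3cret"))
    print(parse_simple_bind("uid=foo,cn=users", LATIN1_PASSWORD))
```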