[Protocol][Authmeth][Syntaxes] application of SASLprep



The behavior of SASLprep is dependent on whether the input is
considered a "query" string or a "stored" string [Section 7,
Stringprep].  Hence, when we say (in [Protocol]) things like
>     clients SHOULD prepare text
>     passwords by applying the [SASLprep] profile of the [Stringprep]
>     algorithm.

we need to qualify the statement with either
	as "query" strings [Section 7, Stringprep]
or
	as "stored" strings [Section 7, Stringprep]


In the above [Protocol] case, the client is effectively querying the
server as to the validity of the password.  Hence, it should be
prepared as a "query" string.  Likewise in [AuthMeth] when the
client is providing a uAuthzid.

In the [UserSchema] userPassword case, when the client is preparing
a value for storage, it should do so as a "stored" string.
When preparing a value for a compare operation, it should do so
as a "query" string.

Kurt
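
The "query" versus "stored" distinction discussed in this message, as an added example that is not part of the original post: SASLprep (RFC 4013) built on Python's standard `stringprep` tables, where the two string kinds differ in how unassigned code points (table A.1 of RFC 3454) are treated. The names `saslprep`, `accepts`, the `stored` parameter and the sample password are assumptions made for illustration.

```python
import stringprep
import unicodedata

# Prohibited-output tables named by the SASLprep profile (RFC 4013, section 2.3).
PROHIBITED = (
    stringprep.in_table_c12, stringprep.in_table_c21, stringprep.in_table_c22,
    stringprep.in_table_c3, stringprep.in_table_c4, stringprep.in_table_c5,
    stringprep.in_table_c6, stringprep.in_table_c7, stringprep.in_table_c8,
    stringprep.in_table_c9,
)


def saslprep(text, stored):
    """Prepare text with SASLprep. `stored` (hypothetical parameter name)
    selects "stored" string rules; otherwise "query" string rules apply."""
    # Mapping: drop "commonly mapped to nothing" (B.1), non-ASCII space -> U+0020.
    mapped = "".join(" " if stringprep.in_table_c12(c) else c
                     for c in text if not stringprep.in_table_b1(c))
    # Normalization: NFKC against the Unicode 3.2 data that stringprep is tied to.
    out = unicodedata.ucd_3_2_0.normalize("NFKC", mapped)
    for c in out:
        if any(table(c) for table in PROHIBITED):
            raise ValueError("prohibited code point U+%04X" % ord(c))
        # The query/stored difference: unassigned code points (table A.1)
        # are tolerated in a query string but rejected in a stored string.
        if stored and stringprep.in_table_a1(c):
            raise ValueError("unassigned U+%04X in stored string" % ord(c))
    # Bidirectional check (RFC 3454, section 6).
    if any(stringprep.in_table_d1(c) for c in out):
        if any(stringprep.in_table_d2(c) for c in out):
            raise ValueError("mixed right-to-left and left-to-right text")
        if not (stringprep.in_table_d1(out[0]) and stringprep.in_table_d1(out[-1])):
            raise ValueError("right-to-left text must start and end RandALCat")
    return out


def accepts(text, stored):
    """True if `text` can be prepared under the chosen string kind."""
    try:
        saslprep(text, stored)
        return True
    except ValueError:
        return False


# Constructed sample: U+0221 is unassigned in Unicode 3.2 (listed in table A.1).
SAMPLE = "pw\u0221"
if __name__ == "__main__":
    print("query :", accepts(SAMPLE, stored=False))
    print("stored:", accepts(SAMPLE, stored=True))
```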