
draft-ietf-ldapext-authmeth-00



I'm confused by the following paragraph:

   Upon receipt of the challenge, the client will generate the response
   digest value, which is a string of 32 hexadecimal digits.  An 
   example digest derived from the above challenge and the password 
   "tanstaaftanstaaf" is "b913a602c7eda7a495b4e6e7334d3890". The client
   will send a bind request, with a different message id, in which the
   version number is 3, the name field is the name of the user's entry,
   the authentication choice is sasl, the sasl mechanism name is 
   "CRAM-MD5", and the credentials field contains the digest string. 
   The client then will wait for another response from the server.

The content of the credentials field is defined by RFC 2195 (CRAM-MD5) and
contains the "user name" to login as, followed by a space, followed by the
hex encoding of the challenge.

I assume the LDAP equivalent to "user name" is a DN, so that has to be
included there.  If LDAP DNs can include a space, then CRAM-MD5 isn't
suitable for use with LDAP and you'll have to recommend a different
mechanism.

		- Chris
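
The credentials layout discussed in this message, as an added example that is not part of the original message or the draft: it builds the RFC 2195 response (name, a space, then the 32 hex digit digest) and shows how a server-side parser behaves when the name is a DN containing spaces. The challenge string is the one from the RFC 2195 example; the DN, the function names and both parsers are constructed for illustration.

```python
import hashlib
import hmac

# Challenge and shared secret from the RFC 2195 example; the draft text quoted
# above gives the matching digest.
RFC2195_CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
RFC2195_SECRET = b"tanstaaftanstaaf"
# Constructed sample DN containing spaces (not from the draft or the message).
SAMPLE_DN = "cn=Tim Example,o=Constructed Org"


def cram_md5_response(name: str, secret: bytes, challenge: bytes) -> str:
    """Client side: '<name> <HMAC-MD5(secret, challenge) as lowercase hex>'."""
    digest = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return f"{name} {digest}"


def parse_first_space(response: str):
    """Naive split at the first space: truncates any name that contains one."""
    name, _, digest = response.partition(" ")
    return name, digest


def parse_last_space(response: str):
    """Split at the last space and require a well-formed 32 hex digit digest."""
    name, sep, digest = response.rpartition(" ")
    if not sep or len(digest) != 32 or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("malformed CRAM-MD5 response")
    return name, digest


def verify(response: str, secret: bytes, challenge: bytes, parser):
    """Server side: return (name as parsed, whether the digest matches)."""
    name, digest = parser(response)
    expected = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    # Constant-time comparison of the two digest strings.
    return name, hmac.compare_digest(digest.encode(), expected.encode())


if __name__ == "__main__":
    resp = cram_md5_response(SAMPLE_DN, RFC2195_SECRET, RFC2195_CHALLENGE)
    print(resp)
    print(verify(resp, RFC2195_SECRET, RFC2195_CHALLENGE, parse_first_space))
    print(verify(resp, RFC2195_SECRET, RFC2195_CHALLENGE, parse_last_space))
```

Splitting at the last space only works because the digest is a fixed-length hex string with no spaces of its own; a parser written for space-free user names fails authentication for every DN that contains one.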