
Re: About Authentication methods for LDAP



> 
> The presence of the name is required by the CRAM-MD5 mechanism definition.
> The previous version was not in alignment with the specification, RFC 2195:
> 
>       This produces a digest value (in hexadecimal) of
>  
>            b913a602c7eda7a495b4e6e7334d3890
>  
>       The user name is then prepended to it, forming
>  
>            tim b913a602c7eda7a495b4e6e7334d3890
> 
> 
>  
> Mark Wahl, Enterprise Directory Integration
> Critical Angle Inc.
> 

It makes sense with IMAP and POP because otherwise the user is unknown.
But with LDAP, the name is already part of the request.
Adding the name in the credentials is a duplicate, and it makes the parsing of
the digest string more complex since the name in LDAP is not one word but a DN.
Moreover, must a server check that the name field containing the DN and the
name in the digest are the same? If not, which one should be used?

Regards,

Ludovic Poitou
______________________________________________________________

    /\        Ludovic POITOU
   \\ \       Software engineer
  \ \\ /      Directory Services Group - SunSoft
 / \/ / /     
/ /   \//\    SUN Microsystems
\//\   / /    32 Avenue du Vieux Chene
 / / /\ /     38240 Meylan Zirst
  / \\ \      FRANCE
   \ \\       Phone:  +33-0 476 414 243
    \/        Fax  :  +33-0 476 414 241
              Email:  ludovic.poitou@France.Sun.COM
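
The parsing and consistency questions raised in the message above, as an added example that is not part of the original thread or of any LDAP server's code: it builds the RFC 2195 response, splits it when the name is a DN containing spaces, and compares the embedded name with the bind DN. The challenge and secret for the `tim` vector are those of the RFC 2195 example; the DN, its secret, the function names, the case-insensitive DN comparison and the choice to reject on mismatch are assumptions made for illustration.

```python
import hashlib
import hmac

# Challenge and shared secret from the RFC 2195 example (user "tim").
RFC_CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
RFC_SECRET = b"tanstaaftanstaaf"

# Constructed sample: an LDAP name is a DN and may contain spaces.
SAMPLE_DN = "cn=Tim Smith, o=Example Corp, c=US"
SAMPLE_SECRET = b"constructed-secret"

HEX = set("0123456789abcdef")


def cram_md5_response(name: str, secret: bytes, challenge: bytes) -> str:
    """Client side: '<name> <hex HMAC-MD5(secret, challenge)>'."""
    digest = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return f"{name} {digest}"


def split_response(response: str) -> tuple[str, str]:
    """Split on the LAST space: the digest is always 32 hex characters
    with no spaces, while the name (a DN) may contain several."""
    name, sep, digest = response.rpartition(" ")
    digest = digest.lower()
    if not sep or not name or len(digest) != 32 or not set(digest) <= HEX:
        raise ValueError("malformed CRAM-MD5 response")
    return name, digest


def verify_bind(bind_dn: str, response: str, secret: bytes, challenge: bytes) -> bool:
    """Server side. Assumption: a mismatch between the bind DN and the name
    embedded in the credentials is rejected rather than silently resolved."""
    try:
        name, digest = split_response(response)
    except ValueError:
        return False
    # Simplified DN comparison (assumption); real DN matching is schema-aware.
    if name.strip().casefold() != bind_dn.strip().casefold():
        return False
    expected = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)  # constant-time compare
```
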