Re: About Authentication methods for LDAP
>
> The presence of the name is required by the CRAM-MD5 mechanism definition.
> The previous version was not in alignment with the specification, RFC 2195:
>
> This produces a digest value (in hexadecimal) of
>
> b913a602c7eda7a495b4e6e7334d3890
>
> The user name is then prepended to it, forming
>
> tim b913a602c7eda7a495b4e6e7334d3890
>
>
>
> Mark Wahl, Enterprise Directory Integration
> Critical Angle Inc.
>
It makes sense with IMAP and POP because otherwise the user is unknown.
But with LDAP, the name is already part of the request.
Adding the name in the credentials is a duplicate, and it makes the parsing of
the digest string more complex since the name in LDAP is not one word but a DN.
Moreover, must a server check that the name field containing the DN and the
name in the digest are the same? If not, which one should be used?
Regards,
Ludovic Poitou
______________________________________________________________
/\ Ludovic POITOU
\\ \ Software engineer
\ \\ / Directory Services Group - SunSoft
/ \/ / /
/ / \//\ SUN Microsystems
\//\ / / 32 Avenue du Vieux Chene
/ / /\ / 38240 Meylan Zirst
/ \\ \ FRANCE
\ \\ Phone: +33-0 476 414 243
\/ Fax : +33-0 476 414 241
Email: ludovic.poitou@France.Sun.COM
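
Added example, not part of the original message or of any LDAP server's code: a Python sketch of the name-plus-digest credential discussed above, using the secret and challenge from the RFC 2195 worked example that yields the quoted digest. The sample DN, the DN normalization, and the policy of rejecting a bind when the two names disagree are assumptions made for illustration.

```python
import hashlib
import hmac
import string

# Secret and challenge from the worked example in RFC 2195.
RFC_SECRET = b"tanstaaftanstaaf"
RFC_CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
# Constructed sample DN; note the spaces inside it.
SAMPLE_DN = "cn=Tim Example, o=Example Corp, c=US"


def cram_md5_response(name, secret, challenge):
    """Client side: keyed MD5 of the challenge, with the name prepended."""
    digest = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return f"{name} {digest}"


def parse_response(response):
    """Split on the last space so a name containing spaces stays whole."""
    name, sep, digest = response.rpartition(" ")
    if not sep or not name or len(digest) != 32:
        raise ValueError("malformed CRAM-MD5 response")
    if any(c not in string.hexdigits for c in digest):
        raise ValueError("digest is not hexadecimal")
    return name, digest.lower()


def normalize_dn(dn):
    """Assumed simplification: casefold and trim spaces around commas."""
    return ",".join(part.strip().casefold() for part in dn.split(","))


def verify_bind(bind_dn, response, secret, challenge):
    """Assumed policy: reject when the two names disagree, then check digest."""
    try:
        name, digest = parse_response(response)
    except ValueError:
        return False
    if normalize_dn(name) != normalize_dn(bind_dn):
        return False
    expected = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)
```

Splitting on the first space instead of the last would cut the sample DN at "cn=Tim", which is the parsing complication the message raises. The comma-based normalization ignores escaped commas and attribute-specific matching rules.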