
RE: userPassword question



> An application which wishes to store an encrypted password SHOULD use an
> attribute description distinct from "userPassword".  Reusing userPassword
> for another syntax without preserving its semantics would break
> interoperability.  One possible approach is to define a new attribute

Yes, I was reluctant to do this with RFC 2307, but (mainly for
interoperability with Netscape's Directory Server) I went with prefixing
hashed values with {crypt} (or {sha} or {md5}) and maintaining the
userPassword attributes. Nonetheless, using attribute subtypes (see section
5.3 of RFC 2307) is probably a good idea at some stage.



-- Luke
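
The scheme-prefix convention described in the message above, as an added example that is not part of the original post or of any directory server's code: it splits a userPassword value into scheme and payload and verifies the {sha} and {md5} forms. It assumes the digest is base64-encoded after the prefix; the function names and sample passwords are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# "{scheme}value"; scheme names are matched case-insensitively.
_PREFIX = re.compile(rb"^\{([A-Za-z0-9_-]+)\}(.*)$", re.DOTALL)

# Unsalted digest schemes named in the message. Assumption: the digest is
# stored base64-encoded after the prefix.
_DIGESTS = {"sha": hashlib.sha1, "md5": hashlib.md5}


def parse_user_password(value: bytes):
    """Split a userPassword value into (scheme, payload).

    A value with no {scheme} prefix is returned with scheme None, meaning
    the attribute holds the password itself rather than a hash.
    """
    m = _PREFIX.match(value)
    if m is None:
        return None, value
    return m.group(1).decode("ascii").lower(), m.group(2)


def verify(value: bytes, candidate: bytes) -> bool:
    """Check a candidate password against a stored userPassword value."""
    scheme, payload = parse_user_password(value)
    if scheme is None:
        return hmac.compare_digest(payload, candidate)
    if scheme in _DIGESTS:
        try:
            stored = base64.b64decode(payload, validate=True)
        except ValueError:  # malformed base64 never matches
            return False
        return hmac.compare_digest(stored, _DIGESTS[scheme](candidate).digest())
    # {crypt} and other schemes need crypt(3) or scheme-specific code.
    raise NotImplementedError(f"scheme {scheme!r} not handled in this example")


def make_value(scheme: str, password: bytes) -> bytes:
    """Build a constructed sample value for one of the digest schemes."""
    digest = _DIGESTS[scheme.lower()](password).digest()
    return b"{" + scheme.encode("ascii") + b"}" + base64.b64encode(digest)
```
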