[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authentication Methods for LDAP - last call

To: Mark Wahl <M.Wahl@INNOSOFT.COM>
Subject: Re: Authentication Methods for LDAP - last call
From: Steve Kille <S.Kille@isode.com>
Date: Sat, 01 Aug 1998 12:16:04 -0500 (Central Daylight Time)
Cc: ietf-ldapext@netscape.com
Resent-date: Sat, 01 Aug 1998 10:13:31 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"SfE8o3.0.Kc.voqmr"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

Mark,

I agree with all of this.   CRAM-MD5 is a good shared 
secret mechanism, better than plain text password, and 
suitable for some LDAP deployment.

I think that X.509 (assymetric key) mechanisms, such as 
the one you describe are going to be suitable for a lot of 
other environments. 

My objection is to making CRAM-MD5 MANDATORY, when it is 
so clearly unsuitable for a lot of types of LDAP deployment.


Steve

Follow-Ups:
- Re: Authentication Methods for LDAP - last call
  - From: howes@netscape.com (Tim Howes)

Prev by Date: Re: Authentication Methods for LDAP - last call
Next by Date: Re: Authentication Methods for LDAP - last call
Index(es):
- Chronological
- Thread