[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authentication Methods for LDAP - last call

To: Tim Howes <howes@netscape.com>
Subject: Re: Authentication Methods for LDAP - last call
From: Steve Kille <S.Kille@isode.com>
Date: Wed, 05 Aug 1998 02:44:51 -0500 (Central Daylight Time)
Cc: Chris Newman <Chris.Newman@INNOSOFT.COM>, ietf-ldapext@netscape.com
Resent-date: Wed, 05 Aug 1998 00:43:05 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"KFAjs1.0.vH6.7q0or"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

Tim,

I'd like to respond briefly to your summary.   To me, John Strassner's 
rebuttal of Chris Newman's message sets out clearly the case against a 
single mandtory authentication mechanism.

Basic LDAP client/server interoperability can be and is achieved 
without authententication.   I cannot see what specifying this single 
mandatory mechanism achieves.

If I had to pick a single mechanism it would be X.509 based.  Kerberos 
would be better than CRAM-MD5. 

Making CRAM-MD5 mandatory will promote an approach which a lousy choice 
for many many environments.  

To me the clear conclusion is that there should not be a mandatory 
mechansism.  


Steve Kille

Follow-Ups:
- Re: Authentication Methods for LDAP - last call
  - From: Chris Newman <Chris.Newman@INNOSOFT.COM>

Prev by Date: fyi: IMAP/LDAP mailing list
Next by Date: Re: userPassword question
Index(es):
- Chronological
- Thread