RE: Authentication Methods for LDAP - last call



> The only reason for one mandatory algorithm across LDAP servers and
> clients is because the client must connect to many servers

Wrong!  It is so that any client can connect to any server and know that
they will be able to negotiate something better than just passing passwords
in the clear.

> - and have its entry replicated in every server to which it connects -
> AS said - an unscaleable and broken concept in distributed directory systems. 

The issue has *nothing* to do with replication.  Replication is server to
server.  And if the market feels that interoperation with certificates is
important, I am sure that there will be standard options to permit it.
But they should not be mandatory for all implementations.

I am happy you are trying to sell X.500 servers.  I wish you luck in
trying to build your global scalable infrastructure for certificates,
but I don't care.  I want something LIGHTWEIGHT (the L in LDAP) and easy
to install, administer, and use, that does not require large amounts of
resources for my local network.  I don't want to advertise my printers,
hosts, or users to the global Internet, but I do want to have them in
my local directory.

The IETF says that I should not use passwords in the clear, so I won't,
but I will *not* install Kerberos or a Certificate Authority, just so
I can track my HP laser printer.  And I don't care about replication -
I will only have one server.