[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: draft minutes from Chicago meeting

Phil,

The main (valid) objection that some have to requiring server's to
implement things like CRAM-MD5 is that in "large/distributed" environments,
user passwords may have to be distributed to each LDAP server where an LDAP
client might want to authenticate.  This password replication strategy is
of course only one way (i.e. the most obvious one) to implement support for
this authentication mechanism.  There are other ways of implementing this
mechanism that don't require such password replication.  Needless to say, I
don't actually share the objection, I just understand it...

Bruce

At 03:40 PM 10/1/98 +0100, Phil Pinkerton wrote:
>
>
>
>>Phil,
>>
>>So you propose only supporting the small directory environments?
>>
>
>
>Not at all.  But I fail to understand what the size of a directory
>deployment, be it single server, distributed, or replicated servers has to
>do with mandating a server-side SASL authentication mechanism primarily for
>use by clients - I'm sure someone will explain.  Maybe this view is a bit
>simplistic, but, in my opinion, some of the debate taking place has merely
>been putting hurdles in the way of progress on this topic.
>
>This is difinitely my final comment!
>
>Regards, Phil
>
>
>
================================================
Bruce Greenblatt              bruceg@innetix.com
http://www.innetix.com/~bruceg
================================================