[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Compromise Authentication Proposal

To: Paul Leach <paulle@MICROSOFT.com>
Subject: RE: Compromise Authentication Proposal
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Wed, 07 Oct 1998 20:48:16 +0200 (MET DST)
Cc: mcs@netscape.com, chris.newman@INNOSOFT.COM, ietf-ldapext@netscape.com, ietf-sasl@imc.org
In-reply-to: <CB6657D3A5E0D111A97700805FFE65875D77DA@RED-MSG-51>
References: <CB6657D3A5E0D111A97700805FFE65875D77DA@RED-MSG-51>
Resent-date: Wed, 07 Oct 1998 11:48:51 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"f10JX1.0.Om6.EUx6s"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

I've missed something: What can the LDAP server *do* with the usernames
we bind as?  It's simple enough if the username is a DN, of course.
But if I bind as "hbf", may the server translate that to a DN - e.g.
with a local subtree search for (&(uid=hbf)(objectclass=person))?
May it bind as user user "hbf" which does not correspond to a DN, in a
private user file?

-- 
Hallvard

References:
- RE: Compromise Authentication Proposal
  - From: Paul Leach <paulle@microsoft.com>

Prev by Date: secure change-password protocol after Digest authentication?
Next by Date: RE: Compromise Authentication Proposal
Index(es):
- Chronological
- Thread