
Re: RFC2256: userPassword



Mark,
	Of course.  I agree completely and was not suggesting
that passwords be in the clear inside of the directory.
However I go a step further and note that having easily
decrypted (i.e. hashed) passwords in the directory is not
significantly more secure against attacks, just (as you note)
against accidental exposure.

	Before security can be built into a system people
have to agree what is being secured, and what it's being
secured against.

Thanks,

Robert
rja@Eng.Sun.COM


>>>         I don't understand this viewpoint.  For example I
>>>         don't assume that my passwords (not stored in LDAP)
>>>         which I use to access my bank accounts, etc., will
>>>         inevitably fall into the wrong hands.  It seems to
>>>         me that assuming they will in our business is a
>>>         way of bypassing having to worry about decent security.
>>
>>Maybe... but a common concern is that those who maintain the directory
>>servers should not be casually exposed to passwords.  For example, as a
>>directory administrator I want to be able to dump the directory data to
>>an LDIF file and browse the contents without stumbling across your
>>password (which you might use for other services too and so on).
>>this scenario, the strength of the hash is not very important but the
>>fact that the userPassword value is obscured is -- to some people.
>>
>>-- 
>>Mark Smith
>>Directory Architect / Sun-Netscape Alliance
>>My words are my own, not my employer's.  Got LDAP?
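The two points in the exchange above, as an added example that is not part of the mailing-list thread: a directory administrator dumping entries to LDIF sees only an obscured userPassword value (Mark's concern), yet a few dictionary guesses recover the same value in moments (Robert's point that a hash is not much protection against an attacker who has the dump). The example assumes the {SSHA} (salted SHA-1) and {SHA} storage conventions of directory servers of that era; RFC 2256 and the thread itself name no particular scheme, so that choice, the entries, the salts and the word list are all constructed for the demonstration.

```python
import base64
import hashlib
import hmac

# Hypothetical word list for the demonstration (constructed, not a real list).
WORDLIST = [b"letmein", b"sunshine", b"secret", b"ldap", b"password1"]


def ssha_encode(password: bytes, salt: bytes) -> str:
    """userPassword value in the {SSHA} scheme: base64(sha1(pw || salt) || salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def sha_encode(password: bytes) -> str:
    """userPassword value in the unsalted {SHA} scheme: base64(sha1(pw))."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password).digest()).decode("ascii")


def ldif_line(attr: str, value: str) -> str:
    """An export tool writes userPassword with '::' and a base64 body."""
    return f"{attr}:: {base64.b64encode(value.encode('ascii')).decode('ascii')}"


# Constructed LDIF dump: three entries, three storage forms.  The salt is a
# fixed constant here only so that the sample is reproducible.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=People,dc=example,dc=com",
    "objectClass: person",
    "uid: alice",
    ldif_line("userPassword", ssha_encode(b"sunshine", b"\x01\x02\x03\x04")),
    "",
    "dn: uid=bob,ou=People,dc=example,dc=com",
    "objectClass: person",
    "uid: bob",
    ldif_line("userPassword", sha_encode(b"letmein")),
    "",
    "dn: uid=carol,ou=People,dc=example,dc=com",
    "objectClass: person",
    "uid: carol",
    "userPassword: hunter2",  # stored in the clear, exactly what the thread rejects
    "",
])


def parse_ldif(text: str) -> dict:
    """Minimal LDIF reader: {dn: {attr: [values]}}.  Handles 'attr: v' and the
    base64 'attr:: v' form; line continuations are not needed for this sample."""
    entries, current, dn = {}, {}, None
    for raw in text.splitlines():
        if not raw.strip():
            if dn is not None:
                entries[dn] = current
            current, dn = {}, None
            continue
        attr, _, rest = raw.partition(":")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if attr == "dn":
            dn = value
        else:
            current.setdefault(attr, []).append(value)
    if dn is not None:
        entries[dn] = current
    return entries


def check_password(stored: str, candidate: bytes) -> bool:
    """Verify a candidate against a stored userPassword value, by scheme prefix."""
    if stored.startswith("{SSHA}"):
        blob = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = blob[:20], blob[20:]          # SHA-1 digest is 20 bytes
        return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)
    if stored.startswith("{SHA}"):
        blob = base64.b64decode(stored[len("{SHA}"):])
        return hmac.compare_digest(hashlib.sha1(candidate).digest(), blob)
    # No scheme prefix: the directory holds the value in the clear.
    return hmac.compare_digest(stored.encode("utf-8"), candidate)


def crack(stored: str, wordlist):
    """Return the password behind a stored value, or None if no guess matched."""
    if not stored.startswith("{"):
        return stored.encode("utf-8")                 # clear text needs no guessing
    for word in wordlist:
        if check_password(stored, word):
            return word
    return None


def recover_all(ldif_text: str, wordlist) -> dict:
    """Map each dn in the dump to the password recovered from it (or None)."""
    out = {}
    for dn, attrs in parse_ldif(ldif_text).items():
        stored = attrs.get("userPassword", [None])[0]
        out[dn] = crack(stored, wordlist) if stored else None
    return out


if __name__ == "__main__":
    for dn, attrs in parse_ldif(SAMPLE_LDIF).items():
        print(dn, "->", attrs["userPassword"][0])    # what a browsing admin sees
    print(recover_all(SAMPLE_LDIF, WORDLIST))         # what a handful of guesses yield
```

Running the block prints the dump as an administrator would browse it, with alice's and bob's values obscured behind `{SSHA}` and `{SHA}` prefixes, and then the dictionary of five words recovering all three passwords. The salt in `{SSHA}` only forces the attacker to hash each guess per entry rather than once for the whole dump; against a short list of common words that cost is negligible, which is the sense in which the hashed value guards against accidental exposure far more than against a deliberate attack.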