Re: RFC2256: userPassword



Helmut Volpers wrote:

> > They aren't. It's a philosophical position that they
> > can be read, somehow. This is why we use one-way
> > hashes for passwords rather than storing cleartext.
> 
> How do you replicate one-way hashed passwords to any other server?
> Can you make an LDIF dump (for backup) and load the data to another
> server?

Yes, yes.

> Is the question really how to store it in the server? The question is
> how the password goes over the wire.

I'm not seeing the problem.
They go over-the-wire just like any
other attribute value. If the hashed
value is stored, then the hashed value
will be propagated over the wire to 
other servers.
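
The point made in the reply above, as an added example that is not part of the original message: a hashed userPassword value is an ordinary attribute value that survives an LDIF dump and reload, and the receiving server can still verify a bind against it. The `{SSHA}` salted SHA-1 scheme, the sample DN and all function names are assumptions chosen for illustration; the thread does not say which hash scheme is in use.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA}"  # assumed scheme: base64(SHA1(password + salt) + salt)


def ssha_hash(password, salt=None):
    """Build the stored userPassword value; the salt travels inside it."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored, candidate):
    """Verify a candidate password using only the stored value."""
    if not stored.startswith(SCHEME):
        return False
    raw = base64.b64decode(stored[len(SCHEME):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
    return hmac.compare_digest(digest, hashlib.sha1(candidate + salt).digest())


def to_ldif(dn, stored):
    """Dump one entry; '::' marks a base64-encoded LDIF value."""
    encoded = base64.b64encode(stored.encode("ascii")).decode("ascii")
    return "dn: %s\nuserPassword:: %s\n" % (dn, encoded)


def from_ldif(ldif):
    """Minimal reader for this example: one entry, no line folding."""
    entry = {}
    for line in ldif.splitlines():
        if ":: " in line:
            attr, value = line.split(":: ", 1)
            entry[attr] = base64.b64decode(value).decode("ascii")
        elif ": " in line:
            attr, value = line.split(": ", 1)
            entry[attr] = value
    return entry


def replicate_and_check(password, attempt):
    """Hash on server A, move the entry as LDIF, verify a bind on server B."""
    dn = "uid=jdoe,dc=example,dc=com"  # constructed sample entry
    ldif = to_ldif(dn, ssha_hash(password))       # what goes over the wire
    replica = from_ldif(ldif)                     # what server B loads
    return ssha_verify(replica["userPassword"], attempt)
```

The dump carries the hash and its salt but never the cleartext password.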