
Re: RFC2256: userPassword




David Boreham wrote:
> 
> Helmut Volpers wrote:
> 
> > > They aren't. It's a philosophical position that they
> > > can be read, somehow. This is why we use one-way
> > > hashes for passwords rather than storing cleartext.
> >
> > How do you replicate one-way hashed passwords to any other server ?
> > Can you make a LDIF dump (for backup) and load the data to another
> > server ?
> 
> Yes, yes.
> 
> > Is the question really how to store it in the server? The question is
> > how the password goes over the wire.
> 
> I'm not seeing the problem.
> They go over-the-wire just like any
> other attribute value. If the hashed
> value is stored, then the hashed value
> will be propagated over the wire to
> other servers.

Perhaps I missed something. Do you think Microsoft, Netscape,
Innosoft, IBM, Siemens etc. have to use the same one-way encryption
algorithm, or do you mean every client should use the same
encryption algorithm and the server only makes the compare?

Helmut
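An added example, not part of the original message or of any vendor's code: a hashed userPassword value is exported as an LDIF line and then checked on a different server, which works only when the importing server implements the same hash scheme. It assumes the `{SHA}`/`{SSHA}` scheme-prefix convention used by several LDAP servers, which the thread itself does not name; the password, salt and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

def make_ssha(password: bytes, salt: bytes) -> str:
    """Exporting server: store base64(SHA1(password + salt) + salt) with a scheme tag."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def export_line(stored: str) -> str:
    """Write the stored value as an LDIF attribute line ('::' marks a base64 value)."""
    return "userPassword:: " + base64.b64encode(stored.encode("ascii")).decode("ascii")

def parse_ldif_userpassword(line: str) -> str:
    """Importing server: recover the stored value from the LDIF line, unchanged."""
    name, _, rest = line.partition(":")
    if name.lower() != "userpassword":
        raise ValueError("not a userPassword line")
    if rest.startswith(":"):                      # base64-encoded value
        return base64.b64decode(rest[1:].strip()).decode("ascii")
    return rest.strip()

def verify(stored: str, candidate: bytes) -> bool:
    """Compare a bind password against the replicated value.

    Raises NotImplementedError when the scheme tag is one this server
    does not implement, which is the interoperability problem raised above.
    """
    if not stored.startswith("{") or "}" not in stored:
        return hmac.compare_digest(stored.encode(), candidate)   # cleartext value
    scheme, _, b64 = stored[1:].partition("}")
    scheme = scheme.upper()
    if scheme not in ("SHA", "SSHA"):
        raise NotImplementedError("unsupported scheme: " + scheme)
    raw = base64.b64decode(b64)
    digest, salt = raw[:20], raw[20:]             # SHA-1 digest is 20 bytes; {SHA} has no salt
    return hmac.compare_digest(digest, hashlib.sha1(candidate + salt).digest())

if __name__ == "__main__":
    # Constructed sample: password and salt are made up for this example.
    line = export_line(make_ssha(b"s3cret", b"\x01\x02\x03\x04"))
    stored = parse_ldif_userpassword(line)
    print(line)
    print("correct password:", verify(stored, b"s3cret"))
    print("wrong password:  ", verify(stored, b"wrong"))
```

Salted SHA-1 appears here because it matches directory servers of the thread's era, not as a recommendation for new deployments.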