
Re: RFC2256: userPassword



At 08:53 AM 6/30/99 -0700, David Boreham wrote:
>Helmut Volpers wrote:
>
>> perhaps I missed something, do you think microsoft, netscape
>> innosoft, ibm, siemens etc have to use the same one way encryption
>> algorithm, or do you mean every client should use the same
>> encryption algorithm and the server only make the compare ?
>
>If servers are participating in a replication agreement,
>they must implement all the hashing schemes employed.
>(same thing applies to access control and schema
>and a bunch of other things, of course).
>
>Netscape implements a set of standard hashes
>including SHA-1 and crypt. Some other vendors
>support one or more of these hashing functions. 

OpenLDAP provides these as well as MD5 and salted
versions of the SHA-1 and MD5 hashes.  I suspect other
algorithms will be added.

I believe it wise to formalize a mechanism
to exchange hashed password values.  I would
suggest that such include a mechanism for client
discovery of hash algorithms supported by the server
and/or discovery of whether the server can and
will perform hash generation when a cleartext
password value is set.

Kurt
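An added example, not code from this thread or from OpenLDAP, showing the hashed userPassword layout the participants are discussing: the `{scheme}base64` convention from RFC 2307 for SHA-1, MD5 and their salted forms, plus the server-side compare that a bind performs against a stored value. The scheme table and function names are my own; `{CRYPT}` is left out because it depends on the platform's crypt(3).

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Scheme prefix -> (digest constructor, salted?) for the schemes named in the thread.
SCHEMES = {
    "SHA": (hashlib.sha1, False),
    "SSHA": (hashlib.sha1, True),
    "MD5": (hashlib.md5, False),
    "SMD5": (hashlib.md5, True),
}


def hash_userpassword(password: str, scheme: str = "SSHA",
                      salt: Optional[bytes] = None) -> str:
    """Return a userPassword value such as '{SSHA}<base64(digest + salt)>'."""
    func, salted = SCHEMES[scheme]
    pw = password.encode("utf-8")
    if salted:
        salt = os.urandom(8) if salt is None else salt
        raw = func(pw + salt).digest() + salt  # salt is appended after the digest
    else:
        raw = func(pw).digest()
    return "{%s}%s" % (scheme, base64.b64encode(raw).decode("ascii"))


def verify_userpassword(stored: str, candidate: str) -> bool:
    """Server-side compare: recover scheme and salt from the stored value, recompute."""
    if not stored.startswith("{") or "}" not in stored:
        return False  # cleartext or unknown layout is not handled here
    scheme, b64 = stored[1:].split("}", 1)
    if scheme not in SCHEMES:
        return False  # a scheme this server does not implement: the replication problem above
    func, salted = SCHEMES[scheme]
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return False  # binascii.Error is a ValueError subclass
    digest_len = func().digest_size
    pw = candidate.encode("utf-8")
    if salted:
        digest, salt = raw[:digest_len], raw[digest_len:]
        expected = func(pw + salt).digest()
    else:
        digest, expected = raw, func(pw).digest()
    return hmac.compare_digest(digest, expected)  # constant-time comparison
```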