[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: RFC2256: userPassword

To: "'dboreham@netscape.com'" <dboreham@netscape.com>, " ietf-ldapext@netscape.com" <ietf-ldapext@netscape.com>
Subject: RE: RFC2256: userPassword
From: Paul Leach <paulle@microsoft.com>
Date: Wed, 30 Jun 1999 10:07:25 -0700
Resent-date: Wed, 30 Jun 1999 10:19:26 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"U9JePC.A.4BF.TGle3"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com


> -----Original Message-----
> From: dboreham@netscape.com [mailto:dboreham@netscape.com]
> Sent: Wednesday, June 30, 1999 8:54 AM

> Netscape implements a set of standard hashes
> including SHA-1 and crypt. Some other vendors
> support one or more of these hashing functions. 
> 
> Seems to me that you will not get intervendor
> replication to work unless some common standard
> for password hashing is agreed upon.
> An alternative would be to transmit passwords
> in the clear or in reversibly hashed form.
> I can't see that proving popular with customers.
> 

This has nothing to do with replication, as far as I can see. If I'm a
client of LDAP, and I want to check if a user name and password that I have
been given go together, then I need to know what hash to use so I can
compare with what's stored in the userPassword attribute on that user's
account object in the directory. Seems like you are saying that its
different for each different vendor.

Paul

Follow-Ups:
- Re: RFC2256: userPassword
  - From: dboreham@netscape.com (David Boreham)

Prev by Date: Re: RFC2256: userPassword
Next by Date: Re: RFC2256: userPassword
Index(es):
- Chronological
- Thread