[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: RFC2256: userPassword
An important consideration is the interaction of hashed passwords and
SASL mechanisms. The conventions of {CRYPT}, {SHA}, {SSHA} may not allow
interoperability using the MTI DIGEST-MD5 mechanism, or other SASL
password protection mechanisms. As a vendor while we supported DES, MD4 and
SHA-1 / salted SHA-1 hashing for transition purposes where the clients use the
'simple' bind, our engineers needed to create a new convention form that
would support DIGEST-MD5 while still obfuscating the password value in the
server.
Mark Wahl, Directory Product Architect
Innosoft International, Inc.