
Re: RFC2256: userPassword




Bob Bick wrote:

> > You don't authenticate by client compare
> > of credentials, you authenticate by means
> > of the LDAP bind operation. Hence the password
> > validation mechanism is obscure to the client.
> 
> Wouldn't that be much slower (i.e. binding is slower than comparison)?

No. (only one "no" this time).

> If a system desires to authenticate users based on LDAP, they desire to
> connect just once so that performance is reasonable.

Connect once, yes, but that's orthogonal to 
whether you use bind or compare. Note
that multiple consecutive bind operations may be sent
on a connection.
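
As an added illustration, not part of the original message: the sketch below encodes LDAPv3 simple BindRequest messages with consecutive message IDs, as they would be sent on one connection, and decodes the BindResponse, whose result code is all the client learns about password validation. The DNs, passwords, helper names and server replies are constructed for the example.

```python
def tlv(tag: int, content: bytes) -> bytes:
    """Encode one BER tag-length-value element (definite length)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def ber_int(tag: int, value: int) -> bytes:
    """Encode a non-negative INTEGER (0x02) or ENUMERATED (0x0A)."""
    return tlv(tag, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple [0] } }."""
    auth = tlv(0x80, password.encode())  # the client sends the password itself
    op = tlv(0x60, ber_int(0x02, 3) + tlv(0x04, dn.encode()) + auth)
    return tlv(0x30, ber_int(0x02, msg_id) + op)

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, content, next_pos) for the element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        k = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def parse_bind_response(msg: bytes):
    """Return (messageID, resultCode): no hash or scheme is ever returned."""
    tag, body, _ = read_tlv(msg)
    id_tag, mid, pos = read_tlv(body)
    op_tag, op, _ = read_tlv(body, pos)
    rc_tag, rc, _ = read_tlv(op)
    if (tag, id_tag, op_tag, rc_tag) != (0x30, 0x02, 0x61, 0x0A):
        raise ValueError("not a BindResponse")
    return int.from_bytes(mid, "big"), int.from_bytes(rc, "big")

def sample_response(msg_id: int, code: int) -> bytes:
    """Constructed server reply: resultCode, empty matchedDN and diagnosticMessage."""
    op = tlv(0x61, ber_int(0x0A, code) + tlv(0x04, b"") * 2)
    return tlv(0x30, ber_int(0x02, msg_id) + op)

if __name__ == "__main__":
    # Constructed session: two binds, one connection, consecutive message IDs.
    session = [("uid=alice,dc=example,dc=com", "s3cret", 0),   # 0 = success
               ("uid=bob,dc=example,dc=com", "wrong", 49)]     # 49 = invalidCredentials
    for mid, (dn, pw, code) in enumerate(session, 1):
        print(bind_request(mid, dn, pw).hex(), "->", parse_bind_response(sample_response(mid, code)))
```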