
RE: RFC2256: userPassword



One might argue that a user should know their format, rather than
allowing users to read their password in order to figure out the
format, as a security point.  If this level of complexity isn't
acceptable to a user base then it should perhaps be left to the
group which maintains the directory to write web interfaces, etc.,
which take care of the decoration choice.

Robert Allen
rja@Eng.Sun.COM

>>Your decorated hash values don't do the client any good if he only
>>has Compare access and not Read access - how does the client find out
>>which hash is in use? It seems to me that client-side validation is
>>really precluded here.