RE: RFC2256: userPassword
One might argue that a user should know their format, rather than
allowing users to read their password in order to figure out the
format, as a security point. If this level of complexity isn't
acceptable to a user base then it should perhaps be left to the
group which maintains the directory to write web interfaces, etc.,
which take care of the decoration choice.
Robert Allen
rja@Eng.Sun.COM
>>Your decorated hash values don't do the client any good if he only
>>has Compare access and not Read access - how does the client find out
>>which hash is in use? It seems to me that client-side validation is
>>really precluded here.