
RE: RFC2256: userPassword



> >>Your decorated hash values don't do the client any good if he only
> >>has Compare access and not Read access - how does the client find out
> >>which hash is in use? It seems to me that client-side validation is
> >>really precluded here.

And a good thing, too. I'll assert that any scheme for client-side
validation (that we've discussed here) is too insecure.

The client can validate the password by using it to try to make an
authenticated connection to the server.

Paul
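
The bind-based check described in the message above, as an added example that is not part of the original post: it builds an LDAPv3 simple BindRequest, reads the resultCode from the BindResponse (0 is success, 49 is invalidCredentials), and never touches the stored userPassword hash. The function names, the LDAPS port 636 default and the single-read assumption are choices made for this illustration.

```python
import socket
import ssl

def tlv(tag, value):
    """Encode one BER tag-length-value element (definite length)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def read_tlv(buf, pos=0):
    """Decode one element at pos; return (tag, value, next_pos)."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + n], pos + n

def bind_request(dn, password):
    """LDAPv3 simple BindRequest with messageID 1."""
    if not dn or not password:
        # An empty password turns a simple bind into an unauthenticated
        # bind (RFC 4513 5.1.2), which servers may answer with success.
        raise ValueError("DN and password must both be non-empty")
    op = tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, dn.encode())
             + tlv(0x80, password.encode()))
    return tlv(0x30, tlv(0x02, b"\x01") + op)

def bind_result(response):
    """Return the resultCode of a BindResponse (0 = success)."""
    tag, msg, _ = read_tlv(response)
    _, _, pos = read_tlv(msg)           # skip messageID
    op_tag, op, _ = read_tlv(msg, pos)
    code_tag, code, _ = read_tlv(op)
    if (tag, op_tag, code_tag) != (0x30, 0x61, 0x0A):
        raise ValueError("not a BindResponse")
    return int.from_bytes(code, "big")

def password_is_valid(host, dn, password, port=636):
    """Try the bind over LDAPS so the password is not sent in clear."""
    ctx = ssl.create_default_context()  # verifies the server certificate
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(bind_request(dn, password))
            return bind_result(tls.recv(4096)) == 0  # assumes one read suffices
```
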