Re: RFC2256: userPassword



My problem with this is that it gives the third-party
software all of my (assuming I'm the accounting system
user) access to LDAP user information and possibly
access to anything else that I have rights to. Which may or
may not be a problem.

JR

Paul Leach wrote:
> 
> > -----Original Message-----
> > From: JR Heisey [mailto:jr.heisey@mediagate.com]
> > Sent: Thursday, July 01, 1999 10:57 AM
> > Solutions:
> > 2a) call ldap_bind() with the user's DN and password then
> > allow access to the accounting function when the bind
> > succeeds.
> > ( Not my favorite choice. )
> 
> But the only secure one that does not expose too much information about the
> password (that has been discussed so far).
> 
> Paul

-- 
-
J. R. Heisey