[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: RFC2256: userPassword

To: ietf-ldapext@netscape.com
Subject: Re: RFC2256: userPassword
From: JR Heisey <jr.heisey@mediagate.com>
Date: Thu, 01 Jul 1999 14:21:25 -0700
Organization: MediaGate, Inc.
References: <CB6657D3A5E0D111A97700805FFE65870B48E41F@RED-MSG-51> <377BDA3A.B8B04B9F@mediagate.com>
Resent-date: Thu, 01 Jul 1999 14:21:41 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"k48OYD.A.9DG.ev9e3"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

Oh and another thing! :)

If you use Transport Layer Security then the compare
request is encrypted at the transport level. Isn't this
sufficient?

JR Heisey wrote:
> 
> My problem with this is that it gives the third party
> software access to all of my (assuming I'm the accounting
> system user) access to LDAP user information and possibly
> access to anything else that I have rights to. Which may or
> may not be a problem.
> 
> JR
> 
> Paul Leach wrote:
> >
> > > -----Original Message-----
> > > From: JR Heisey [mailto:jr.heisey@mediagate.com]
> > > Sent: Thursday, July 01, 1999 10:57 AM
> > > Solutions:
> > > 2a) call ldap_bind() with the users DN and password then
> > > allow access to the accounting function when the bind
> > > succeeds.
> > > ( Not my favorite choice. )
> >
> > But the only secure one that does not expose too much information about the
> > password (that has been discussed so far).
> >
> > Paul
> 
> --
> -
> J. R. Heisey

-- 
-
J. R. Heisey

References:
- RE: RFC2256: userPassword
  - From: Paul Leach <paulle@microsoft.com>
- Re: RFC2256: userPassword
  - From: JR Heisey <jr.heisey@mediagate.com>

Prev by Date: Re: RFC2256: userPassword
Next by Date: Re: RFC2256: userPassword
Index(es):
- Chronological
- Thread