RE: RFC2256: userPassword



> -----Original Message-----
> From: Paul Leach [mailto:paulle@microsoft.com]
> > -----Original Message-----
> > From: JR Heisey [mailto:jr.heisey@mediagate.com]
> > Sent: Thursday, July 01, 1999 2:15 PM
> > To: Paul Leach
> > Cc: ietf-ldapext@netscape.com
> > Subject: Re: RFC2256: userPassword

> > My problem with this is that it gives the third party
> > software access to all of my (assuming I'm the accounting
> > system user) access to LDAP user information and possibly
> > access to anything else that I have rights to. Which may or
> > may not be a problem.
>
> In _all_ the cases you presented, the third party software had your
> password, in the clear. In which case, if it isn't trustworthy, it has
> access to everything you hold dear. (Everything accessible with that
> password, anyway.)

True. But if you use Compare on some arbitrary attributes (other than
userPassword) then you at least haven't given away your entire LDAP account
all in one shot.

Are we getting closer or farther on this...