[Date Prev][Date Next] [Chronological] [Thread] [Top]

Use of user name with DIGEST-MD5 in LDAP

To: ietf-ldapext@netscape.com
Subject: Use of user name with DIGEST-MD5 in LDAP
From: Sylvain DULOUTRE <sylvain.duloutre@france.Sun.COM>
Date: Thu, 02 Sep 1999 15:47:52 +0200
Organization: Sun Microsystems
Resent-date: Thu, 02 Sep 1999 06:48:30 -0700 (PDT)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <"jr0l9D.A.qpE.mAoz3"@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

<draft-ietf-ldapext-authmeth-04.txt> specifies how SASL/DIGEST-MD5 authentication method can be used with LDAP.
In the first stage of authentication, when the client is performing what is called an "initial authentication" as defined in <draft-leach-digest-sasl-03.txt> the client sends a bind request w/o credentials. The server responds with a bind response with digest-challenge containing a realm string. Conceptually, this string can be used by the user so they know which username/password to use.

What is the content of the 'name' field in the initial bind request?
Is it let empty (until the realm is known so that the user can choose what dn is best to use) ?
It is set to the user authentication identity (the identity specified later in the 'username' field of the digest-response sent by the client to the server) ?

-Sylvain

-----------------------------------------------
Sylvain Duloutre
Sun Microsystems Inc.
Sun-Netscape Alliance - iPlanet Directory Group

Prev by Date: RE: use of DNS SRV records for LDAP server location?
Next by Date: RE: The proposed ;valuesSince-xxx option
Index(es):
- Chronological
- Thread