Re: draft-...-java-api-07-LDAPConnection.getAuthenticationPassword()



Steve Sonntag wrote:

> I agree, there ought to be a way to determine the type of authentication.
>
> I don't like returning null, though, as that means "no authentication has
> been performed" which may not be the case.  Maybe there ought to be
> a more generic function, i.e. return a credential and let the mechanism figure
> out what to do with it.

  That's hard. Credentials may not always pass through the SDK; they may be handled by the client independently (some SASL mechanism or LDAPBind). In the latter cases, I don't think there is any way for the SDK to obtain the credentials used in general. The Auth Response Control draft describes a way to get the authorization ID, but not the "password".

>
>
> LDAPRebindAuth has the same sort of problem, it is tied to a password, where it probably ought to
> be tied to a credential.  This class implies that you can only follow referrals if doing simple authentication.

  That's the purpose of LDAPRebindAuth. The LDAPBind variant is for doing arbitrary authentication on following referrals (i.e. doing anything necessary, including using SASL or any mechanism known to the client but not necessarily known to the SDK).

Rob

>
>
> - Steve Sonntag
>
> > Mark C Smith <mcs@netscape.com> 11-Oct-99 5:39:29 PM >>>
> >>Rob Weltman wrote:
> >>>
> >>> Steve Sonntag wrote:
> >>>
> >>> From draft-...-api-07
> >>>
> >>>  5.6.5 getAuthenticationPassword
> >>>     public String getAuthenticationPassword()
> >>>    Returns the password used for simple authentication by this object.
> >>>   null is returned if no authentication has been performed.
> >>>
> >>> Should there be a behavior defined when authentication is not simple?
> >>>
> >>  How about returning null?
> >>
> >>   Maybe there is a need for a method to determine the type of
> >> authentication in effect?
>
> > That sounds useful to me.
>
> --
> >Mark Smith
> >
>
> ------------------------
> Steve Sonntag
> Novell Directory Services
> +1 801 861 7097