
Re: proposed standard for password syntax



At 05:21 PM 10/27/99 -0600, Pat Felsted wrote:
>The definition of a password is an octet string.

No.  The LDAP definition is:

5.36. userPassword
   
    ( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch  
      SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
   
   Passwords are stored using an Octet String syntax and are not
   encrypted.

and is derived from X.500 specifications.  Suggestions to change
this attribute type should be directed to appropriate X.500
committees.

>however many systems have overloaded the syntax to add hashes
>as suggested in RFC 2307.

RFC2307 is Informational (and informational).  However, in this
case, it describes an ill-advised practice, a practice which is
in direct conflict with RFC2256.

>This proposal attempts to standardize this overloading only for backward
>compatibility.

It's inappropriate to change the specification of a standard
track RFC defined attribute type without changing its name and OID.

	Kurt
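
To make the conflict discussed in this message concrete, here is an added example (not part of the original post and not code from either RFC): it reads the same stored octets once under the octet-string definition quoted above and once under an RFC 2307-style `{scheme}` prefix, and lists the values whose meaning differs. The function names, the scheme list and the sample entries are assumptions of this sketch.

```python
import re

# Value form RFC 2307 layers onto userPassword: "{scheme}" followed by data.
# The scheme names are those RFC 2307 lists; matching them case-insensitively
# is an assumption of this sketch.
PREFIX = re.compile(rb"\{([A-Za-z0-9]+)\}(.*)", re.DOTALL)
SCHEMES = {"crypt", "md5", "sha"}


def read_as_octet_string(value: bytes) -> tuple:
    """Schema reading quoted above: the octets themselves are the password."""
    return ("password", value)


def read_as_rfc2307(value: bytes) -> tuple:
    """Overloaded reading: a known {scheme} prefix marks the rest as a hash."""
    m = PREFIX.fullmatch(value)
    if m and m.group(1).decode().lower() in SCHEMES:
        return ("hash:" + m.group(1).decode().lower(), m.group(2))
    return ("password", value)


def conflicting_values(entries):
    """Return (dn, value) pairs whose meaning depends on which reading is used."""
    return [(dn, v) for dn, v in entries
            if read_as_octet_string(v) != read_as_rfc2307(v)]


# Constructed sample entries, not taken from any real directory.
SAMPLE = [
    ("uid=a,dc=example,dc=com", b"correct horse"),
    ("uid=b,dc=example,dc=com", b"{crypt}ab01FAX.bQRSU"),
    ("uid=c,dc=example,dc=com", b"{SHA}my-literal-passphrase"),
    ("uid=d,dc=example,dc=com", b"{note}not a scheme"),
    ("uid=e,dc=example,dc=com", b"\xff\x00{md5}binary"),
]

if __name__ == "__main__":
    for dn, value in conflicting_values(SAMPLE):
        print(dn, read_as_rfc2307(value)[0])
```

The entry for `uid=c` is a literal password under the octet-string reading but is taken for a hash under the prefix reading, which is why a directory audit has to know which reading each client and server applies.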