RE: proposed standard for password syntax
Would someone please post unsubscribe directions? I can't find them on
Netscape's site.
TIA,
Steve
> -----Original Message-----
> From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.Org]
> Sent: Wednesday, October 27, 1999 8:39 PM
> To: Pat Felsted
> Cc: ietf-ldapext@netscape.com
> Subject: Re: proposed standard for password syntax
>
>
> At 05:21 PM 10/27/99 -0600, Pat Felsted wrote:
> >The definition of a password is an octet string.
>
> No. The LDAP definition is:
>
> 5.36. userPassword
>
> ( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
>
> Passwords are stored using an Octet String syntax and are not
> encrypted.
>
> and is derived from X.500 specifications. Suggestions to change
> this attribute type should be directed to appropriate X.500
> committees.
>
> >however many systems have overloaded the syntax to add hashes
> >as suggested in RFC 2307.
>
> RFC2307 is Informational (and informational). However, in this
> case, it describes an ill-advised practice, a practice which is
> in direct conflict with RFC2256.
>
> >This proposal attempts to standardize this overloading only for backward
> >compatibility.
>
> It's inappropriate to change the specification of a standard
> track RFC defined attribute type without changing its name and OID.
>
> Kurt
>
>
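
The conflict discussed in the quoted message, as an added example that is not part of the thread or of any server's code: the same stored userPassword octets checked once with plain octetStringMatch and once by a server that overloads the value with a scheme prefix. The `{SHA}` scheme (base64 of SHA-1), the function names and the sample value are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import re

# Scheme prefix in the overloaded style: "{" scheme "}" followed by the hashed value.
_PREFIX = re.compile(rb"^\{([A-Za-z0-9-]+)\}(.*)$", re.DOTALL)


def octet_string_match(stored: bytes, asserted: bytes) -> bool:
    """octetStringMatch from the attribute definition: byte-for-byte equality."""
    return hmac.compare_digest(stored, asserted)


def split_scheme(stored: bytes):
    """Return (scheme, rest) if the value starts with {scheme}, else (None, stored)."""
    m = _PREFIX.match(stored)
    if m is None:
        return None, stored
    return m.group(1).decode("ascii").upper(), m.group(2)


def overloaded_verify(stored: bytes, presented: bytes) -> bool:
    """Check a presented password the way an overloading server would.

    Only {SHA} is modelled here (assumed scheme for this example).
    """
    scheme, rest = split_scheme(stored)
    if scheme is None:
        return octet_string_match(stored, presented)
    if scheme == "SHA":
        digest = base64.b64encode(hashlib.sha1(presented).digest())
        return hmac.compare_digest(rest, digest)
    return False  # unknown scheme: fail closed


def compare_views(stored: bytes, presented: bytes) -> dict:
    """Result of the same check under both readings of the attribute value."""
    return {"strict": octet_string_match(stored, presented),
            "overloaded": overloaded_verify(stored, presented)}


# Constructed sample value, not taken from the thread.
SAMPLE_STORED = b"{SHA}" + base64.b64encode(hashlib.sha1(b"secret").digest())

if __name__ == "__main__":
    print(compare_views(SAMPLE_STORED, b"secret"))
    print(compare_views(SAMPLE_STORED, SAMPLE_STORED))
```

The two calls give opposite answers under the two readings, so a client cannot know what a compare or bind against the attribute means without knowing which interpretation the server applies.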