Thank you. I missed the subtle "altscheme".
-----Original Message-----
From: Pat Felsted [mailto:PFELSTED@novell.com]
Sent: Friday, October 29, 1999 1:58 PM
To: samiklo@missi.ncsc.mil; ietf-ldapext@netscape.com
Subject: RE: proposed standard for password syntaxes
Actually there is no constraint to use only MD5 or SHA. With the mechanism you could use any hash that you wanted. However, to be compatible with other systems those hashes would need to be available. Section 5 has the following:
attributedescription = attributename / attributename sep attributeoption
attributename = "userPassword"
sep = ";"
attributeoption = schemeclass "-" scheme
schemeclass = "hash" / altschemeclass
scheme = "crypt" / "md5" / "sha" / altscheme
altschemeclass = "x-" keystring
altscheme = keystring
so to use a different hash (ldaphash) the definition would be
userpassword;x-ldaphash: <the hashed password goes here>
I hope this is clear.
Pat Felsted
Novell, Inc.
>>> "Miklos, Sue A." <samiklo@missi.ncsc.mil> 10/29/99 08:59AM >>>
I would like to request that the constraint of MD5 / SHA be lifted and that
the syntax be extended for other choices.
Sandi Miklos
-----Original Message-----
From: Pat Felsted [mailto:PFELSTED@novell.com]
Sent: Wednesday, October 27, 1999 2:41 PM
To: ietf-ldapext@netscape.com
Subject: proposed standard for password syntaxes
Attached is a proposed standard for password syntaxes. It follows what is
commonly being used. We need the definition solidified so we can move
forward with it.
Pat Felsted
Novell, Inc.
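
A parser for the attribute-description grammar quoted from Section 5 earlier in this thread, added here as an example; it is not part of the original messages or of the proposed standard. The keystring pattern is an assumption, since the excerpt does not define it, and the function names are hypothetical.

```python
import re

# Assumption: the quoted excerpt does not define keystring. It is taken here
# as a letter followed by letters or digits, so the "-" separators are unambiguous.
KEYSTRING = r"[a-z][a-z0-9]*"
OPTION_RE = re.compile(
    rf"(?P<schemeclass>hash|x-{KEYSTRING})-(?P<scheme>{KEYSTRING})",
    re.IGNORECASE,  # ABNF quoted literals match case-insensitively
)
NAMED_SCHEMES = {"crypt", "md5", "sha"}  # the schemes the grammar names


def parse_password_attribute(description):
    """Split an attribute description into (schemeclass, scheme).

    Returns (None, None) for a bare userPassword with no option and raises
    ValueError for anything the quoted rules do not derive.
    """
    name, sep, option = description.partition(";")
    if name.lower() != "userpassword":
        raise ValueError(f"not a userPassword attribute: {description!r}")
    if not sep:
        return (None, None)
    match = OPTION_RE.fullmatch(option)
    if match is None:
        raise ValueError(f"malformed attribute option: {option!r}")
    return (match["schemeclass"].lower(), match["scheme"].lower())


def is_named_scheme(description):
    """True when the option uses the hash class with crypt, md5 or sha."""
    schemeclass, scheme = parse_password_attribute(description)
    return schemeclass == "hash" and scheme in NAMED_SCHEMES


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any directory.
    for sample in ("userPassword", "userPassword;hash-sha",
                   "USERPASSWORD;Hash-MD5", "userPassword;x-acme-bcrypt",
                   "userPassword;md5", "cn;hash-md5"):
        try:
            print(sample, "->", parse_password_attribute(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```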