RE: I-D ACTION:draft-zeilenga-ldap-authpasswd-00.txt
At 10:51 AM 12/22/99 -0500, Salter, Thomas A wrote:
>It's not clear from this draft who has access to the clear text password.
The value of authPassword is designed to store a hash of the user's
password. The values of authPassword may be protected by ACLs
or other mechanisms.
>The definition of authPasswordMatch uses the same syntax as the authPassword
>attribute. One of these must contain the clear text password if the server
>is going to recompute the hash.
I may have defined the match incorrectly. I intended the client to
only provide the clearTextValue and for the server to do
"The Right Thing".
>It would also be able to explain how this attribute is used in conjunction
>with an Ldap bind (or refer to an appropriate document).
I would be willing to add a section describing how the attribute
MAY be used with LDAP bind. I do not want to limit bind to any
particular storage mechanism or limit any particular storage
mechanism to LDAP bind. That is, I intend to maintain clear and
distinct separation of authentication protocol and storage
of authentication information.
> > -----Original Message-----
> > From: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org]
> > Sent: Wednesday, December 22, 1999 6:57 AM
> > Cc: ietf-ldapext@netscape.com
> > Subject: I-D ACTION:draft-zeilenga-ldap-authpasswd-00.txt
> >
> >
> > A New Internet-Draft is available from the on-line
> > Internet-Drafts directories.
> >
> >
> > Title : LDAP Authentication Password Attribute
> > Author(s) : K. Zeilenga
> > Filename : draft-zeilenga-ldap-authpasswd-00.txt
> > Pages : 7
> > Date : 21-Dec-99
> >
> > This document describes schema for storing authentication
> > passwords in
> > a LDAP [RFC2251] directory. The document provides schema definitions
> > for authPassword and related schema definitions. The authPassword is
> > meant to be used instead of clear text password storage mechanisms such
> > as userPassword [RFC2256]. The attribute may be used to store SASL
> > [RFC2222] authentication passwords in entries of a directory.
> >
> > A URL for this Internet-Draft is:
> > http://www.ietf.org/internet-drafts/draft-zeilenga-ldap-authpasswd-00.txt
>
>Internet-Drafts are also available by anonymous FTP. Login with the username
>"anonymous" and a password of your e-mail address. After logging in,
>type "cd internet-drafts" and then
> "get draft-zeilenga-ldap-authpasswd-00.txt".
>
>A list of Internet-Drafts directories can be found in
>http://www.ietf.org/shadow.html
>or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
>
>
>Internet-Drafts can also be obtained by e-mail.
>
>Send a message to:
> mailserv@ietf.org.
>In the body type:
> "FILE /internet-drafts/draft-zeilenga-ldap-authpasswd-00.txt".
>
>NOTE: The mail server at ietf.org can return the document in
> MIME-encoded form by using the "mpack" utility. To use this
> feature, insert the command "ENCODING mime" before the "FILE"
> command. To decode the response(s), you will need "munpack" or
> a MIME-compliant mail reader. Different MIME-compliant mail readers
> exhibit different behavior, especially when dealing with
> "multipart" MIME messages (i.e. documents which have been split
> up into multiple messages), so check your local documentation on
> how to manipulate these messages.
>
>
>Below is the data which will enable a MIME compliant mail reader
>implementation to automatically retrieve the ASCII version of the
>Internet-Draft.
>
>
----
Kurt D. Zeilenga <kurt@boolean.net>
Net Boolean Incorporated <http://www.boolean.net/>
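
Added example, not part of the original message or of the draft: a sketch of the two matching behaviours discussed in the thread, a match whose asserted value has the same syntax as the stored value versus one where the client sends only the clear text and the server recomputes the hash. The StoredValue layout, the scheme name and the iteration count are assumptions for illustration and are not the draft's authPassword syntax.

```python
import hashlib
import hmac
import os
from typing import List, NamedTuple

class StoredValue(NamedTuple):
    """Hypothetical stored form (assumption, not the draft's syntax)."""
    scheme: str
    salt: bytes
    digest: bytes

# Hypothetical scheme table: the name and iteration count are assumptions.
SCHEMES = {
    "PBKDF2-SHA256": lambda pw, salt: hashlib.pbkdf2_hmac("sha256", pw, salt, 100_000),
}

def make_stored(clear_text: str, scheme: str = "PBKDF2-SHA256") -> StoredValue:
    """Hash a password with a fresh random salt for storage in the entry."""
    salt = os.urandom(16)
    return StoredValue(scheme, salt, SCHEMES[scheme](clear_text.encode("utf-8"), salt))

def clear_text_match(stored: List[StoredValue], asserted: str) -> bool:
    """Client asserts only the clear text; server re-derives per stored value."""
    matched = False
    for value in stored:
        derive = SCHEMES.get(value.scheme)
        if derive is None:
            continue  # unknown scheme: cannot match, never treated as success
        candidate = derive(asserted.encode("utf-8"), value.salt)
        # Constant-time comparison; keep looping so timing does not
        # reveal which stored value matched.
        matched |= hmac.compare_digest(candidate, value.digest)
    return matched

def same_syntax_match(stored: List[StoredValue], asserted: StoredValue) -> bool:
    """Asserted value has the stored syntax: plain equality on all fields."""
    return any(value == asserted for value in stored)

if __name__ == "__main__":
    entry = [make_stored("correct horse")]  # constructed sample entry
    print(clear_text_match(entry, "correct horse"))               # server-side recompute
    print(same_syntax_match(entry, make_stored("correct horse")))  # fresh salt differs
```

With the equality form, only a party that already holds the stored salt and digest can produce a matching assertion, which is why the clear-text form leaves salt handling and scheme choice entirely to the server.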