[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Comments on draft-zeilenga-ldap-authpasswd-01.txt

To: bobj@cup.hp.com
Subject: Re: Comments on draft-zeilenga-ldap-authpasswd-01.txt
From: Mark Wahl <M.Wahl@INNOSOFT.COM>
Date: Tue, 15 Feb 2000 15:37:38 -0600
Cc: kurt@openldap.org, ietf-ldapext@netscape.com
In-reply-to: "Your message of Tue, 15 Feb 2000 13:27:50 PST." <008e01bf77f8$d976cea0$a6820d0f@cup.hp.com>
Resent-date: Tue, 15 Feb 2000 13:38:33 -0800 (PST)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <iENJ8.A.vGG.Pdcq4@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

> I may be a bit green in understanding DIGEST-MD5, but why would having an
> already-hashed password help an LDAP server implement DIGEST-MD5 SASL binds?
> Doesn't DIGEST-MD5 authentication require the server to generate a nonce
> each time a bind is performed?  Thus, how is having a pre-hashed value
> useful?

You might want to take a look at draft-wahl-ldap-digest-example-00.txt, which
describes how one vendor implements DIGEST-MD5 with hashed passwords.

Mark Wahl, Directory Product Architect
Innosoft International, Inc.

References:
- Comments on draft-zeilenga-ldap-authpasswd-01.txt
  - From: Bob Joslin <bobj@cup.hp.com>

Prev by Date: Comments on draft-zeilenga-ldap-authpasswd-01.txt
Next by Date: draft-ietf-ldapext-ldapv3-tls-06.txt proposed change
Index(es):
- Chronological
- Thread