
Re: Comments on draft-zeilenga-ldap-authpasswd-01.txt



At 01:27 PM 2/15/00 -0800, Bob Joslin wrote:
>I may be a bit green in understanding DIGEST-MD5, but why would having an
>already-hashed password help an LDAP server implement DIGEST-MD5 SASL binds?

DIGEST-MD5 is designed such that servers need not store the clear
text password; they may store a derived value instead.  The
authPassword draft describes how this derived value (with
other information useful in implementing the mechanism) may
be stored in the directory.  See DIGEST-MD5, Section 3.9.

>As Mark Smith pointed out, you omitted "crypt".  I reviewed your reply but
>still think we would like to see your draft mention "crypt."

This document is intended for the standard track.  Inclusion
of a crypt scheme, IMO, is incompatible with this intent for
reasons previously stated.  I believe it appropriate to handle
introduction of a crypt scheme as an extension described by a
separate document not on the standard track.
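
Added example, not part of the original message or of the draft: a Python sketch of the DIGEST-MD5 response computation as specified in RFC 2831 (qop=auth, no authzid), showing that a server can check a bind using only the derived value H(username:realm:password). The function names are hypothetical, and the user name, realm, nonces and digest-uri are constructed sample values; ASCII credentials are assumed.

```python
import hashlib
import hmac


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def derive_stored_value(username: str, realm: str, password: str) -> bytes:
    """H(username ":" realm ":" password), the value kept instead of the password."""
    return md5(f"{username}:{realm}:{password}".encode("utf-8"))


def response_from_stored(stored: bytes, nonce: str, cnonce: str, nc: str,
                         qop: str, digest_uri: str) -> str:
    """Compute the expected response from the stored value alone."""
    a1 = stored + f":{nonce}:{cnonce}".encode("utf-8")      # A1, no authzid
    a2 = f"AUTHENTICATE:{digest_uri}".encode("utf-8")       # A2 for qop=auth
    ha1, ha2 = md5(a1).hex(), md5(a2).hex()
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode("utf-8")).hex()


def client_response(username, realm, password, **fields) -> str:
    """The client starts from the clear text password."""
    return response_from_stored(derive_stored_value(username, realm, password), **fields)


def server_verify(stored: bytes, response: str, **fields) -> bool:
    """The server never sees or needs the clear text password."""
    return hmac.compare_digest(response_from_stored(stored, **fields), response)


# Constructed sample values (assumptions, not from the page).
USER, REALM = "bjensen", "example.com"
FIELDS = dict(nonce="c2VydmVyLW5vbmNl", cnonce="Y2xpZW50LW5vbmNl",
              nc="00000001", qop="auth", digest_uri="ldap/ldap.example.com")
# Provisioning step: only this 16-byte value goes into the directory.
STORED = derive_stored_value(USER, REALM, "correct horse")

if __name__ == "__main__":
    good = client_response(USER, REALM, "correct horse", **FIELDS)
    bad = client_response(USER, REALM, "wrong guess", **FIELDS)
    print("good bind accepted:", server_verify(STORED, good, **FIELDS))
    print("bad bind accepted: ", server_verify(STORED, bad, **FIELDS))
```

The stored value is password-equivalent within its realm, so it needs the same access protection in the directory that a clear text password would.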