RE: SASL LDAP plugin
At 04:35 PM 2002-06-13, Howard Chu wrote:
>> -----Original Message-----
>> From: Luke Howard [mailto:lukeh@PADL.COM]
>> Actually, what I said isn't relevant, as you're interested in retrieving
>> secrets, not proxying the entire SASL bind, right?
>Right. Proxying the bind itself is a possibility, but that means e.g.
>providing an LDAP-specific implementation of the CRAM-MD5 or DIGEST-MD5 SASL
>plugins. Way too messy.
You cannot proxy DIGEST-MD5... it has server-in-the-middle protection*.
* at least in theory... IIRC, it's not implemented.