[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: SASL LDAP plugin

At 04:35 PM 2002-06-13, Howard Chu wrote:
>> -----Original Message-----
>> From: Luke Howard [mailto:lukeh@PADL.COM]
>> Actually, what I said isn't relevant, as you're interested in retrieving
>> secrets, not proxying the entire SASL bind, right?
>Right. Proxying the bind itself is a possibility, but that means e.g.
>providing an LDAP-specific implementation of the CRAM-MD5 or DIGEST-MD5 SASL
>plugins. Way too messy.

You cannot proxy DIGEST-MD5... it has server-in-the-middle protection*.

* at least in theory... IIRC, it's not implemented.