[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: userPassword compare fix

Kurt D. Zeilenga wrote:

The current behavior is not considered a bug and hence
it doesn't need "fixing". See RFC 2251/2252/2256.

I'm fairly sure that the behavior of the Netscape (and hence Sun)
server was unintended. The code that does the hashing of the comparison
value is deeply buried in the syntax plugin: a long way from the compare
operation code. In fact I remember attempting to 'fix' it (that is, not hash
the comparison value) a long time ago, only to discover that people had
written applications that depended on the broken behavior...