
Simple authentication



    Can someone point me to a description of how the authentication scheme(s) work in LDAP?
    I cannot see how a simple, password-based method would work securely:
    If the password is sent in the clear to the server and hashed there for comparison with a stored value, the password can be captured en route by a bad entity and later used in some nefarious way.
    If the password is hashed by the client, the password itself is secure (well...) and the server compares it to the stored hashed value. Again the value can be captured en route by a bad entity and later used in some nefarious way.
    What am I missing here?


Jim Moe
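
The two schemes described in the message above, modelled as an added example that is not part of the original post: in both, the server accepts whatever value crossed the wire, so a captured copy authenticates again. It goes beyond the post by contrasting a generic nonce-based challenge-response, which is not an implementation of any LDAP mechanism. All names, the sample password and the unsalted SHA-256 storage are assumptions chosen for brevity.

```python
import hashlib, hmac, secrets

PASSWORD = b"correct horse"                       # constructed sample credential
STORED_HASH = hashlib.sha256(PASSWORD).digest()   # unsalted only to keep the model short

def server_cleartext(sent_password: bytes) -> bool:
    """Scheme 1 in the post: password sent in the clear, hashed by the server."""
    return hmac.compare_digest(hashlib.sha256(sent_password).digest(), STORED_HASH)

def server_client_hash(sent_hash: bytes) -> bool:
    """Scheme 2 in the post: client hashes, server compares with the stored hash."""
    return hmac.compare_digest(sent_hash, STORED_HASH)

class ChallengeServer:
    """Hypothetical challenge-response verifier: each nonce is accepted once."""
    def __init__(self):
        self._pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._pending:
            return False                          # unknown or already-used nonce
        self._pending.discard(nonce)
        # The stored hash acts as the shared key, so it must stay secret on the server.
        expected = hmac.new(STORED_HASH, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)

def client_response(password: bytes, nonce: bytes) -> bytes:
    key = hashlib.sha256(password).digest()
    return hmac.new(key, nonce, hashlib.sha256).digest()

def replay_results() -> dict:
    """Replay the exact bytes an observer of one login would have recorded."""
    srv = ChallengeServer()
    n1 = srv.challenge()
    r1 = client_response(PASSWORD, n1)            # legitimate login, observed on the wire
    legit = srv.verify(n1, r1)
    n2 = srv.challenge()                          # a later login gets a fresh nonce
    return {
        "cleartext_replay": server_cleartext(PASSWORD),
        "client_hash_replay": server_client_hash(hashlib.sha256(PASSWORD).digest()),
        "challenge_legit": legit,
        "challenge_replay_same_nonce": srv.verify(n1, r1),
        "challenge_replay_new_nonce": srv.verify(n2, r1),
    }
```

In the first two schemes the only defence is to keep the exchange off the wire in readable form, for example by running it inside an encrypted channel; the third binds each response to a one-time value so that a recorded response is useless later.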