[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Simple authentication

To: "James M. Moe" <moe_jim@burr-brown.com>
Subject: Re: Simple authentication
From: Mark Wilcox <mewilcox@unt.edu>
Date: Tue, 29 Sep 1998 09:32:00 -0500
Cc: LDAP mailing list <openldap-general@openldap.org>
References: <199809282311.XAA23938@galois.boolean.net>

Like about every other Internet protocol, you would have to send the authentication
information encrypted. You could use SSL or SASL. I know someone has  written a Kerberos
service for SASL, though I don't know much about it or if it would work with OpenLDAP.

Mark

James M. Moe wrote:

>     Can someone point me to a description of how the authentication scheme(s) work in
> LDAP?
>     I cannot see how a simple, password-based method would work securely:
>     If the password is sent in the clear to the the server and hashed there for
> comparison with a stored value, the password can be captured in route by a bad entity
> and later used in some nefarious way.
>     If the password is hashed by the client, the password itself is secure (well...)
> and the server compares it to the stored hashed value. Again the value can be captured
> in route by a bad entity and later used in some nefarious way.
>     What am I missing here?
>
> Jim Moe

--
Mark Wilcox
mewilcox@unt.edu
University of North Texas  (940)565-2568
http://www.unt.edu/
-----------------------personal------------------------
Netscape Developer Champion: Directory Developers Newsgroup
http://people.unt.edu/~mewilcox/

References:
- Simple authentication
  - From: "James M. Moe" <moe_jim@burr-brown.com>

Prev by Date: Re: no version of ldap seems to compile on Linux "Out-of-the box"
Next by Date: /usr/local/libexec is a file not directory
Index(es):
- Chronological
- Thread