Re: ldap authentication (?)
Julio Sánchez Fernández <j_sanchez@stl.es> writes:
....
> Of course, reusable authentication info sucks, reusable information
> info stored in a symmetrical format (not hashed) sucks harder and when
> that kind of authentication info travels unencrypted its suckiness
> rises to unimaginable heights. And then there is session stealing
> and all that.
The LDAP server supports hashed password entries, with selectable hashes. Simply use
userPassword: {crypt}xxxyyyzzy
or
userPassword: {md5}xxxyyyzzy
Use ACLs to keep everybody from reading passwords but their own.
Using stunnel <http://mike.daewoo.com.pl/computer/stunnel/>, you can
rather easily encrypt the communication between client and server.
>
> To sum up, be careful.
agreed.
--
Jan Iven
Rechenzentrum, Universitaet des Saarlandes
Tel. ++49 +681 302-3623
Fax. ++49 +681 302-4462
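
The following is an added example, not part of the original message: a small audit that reads an LDIF export and reports, per entry, whether userPassword carries a `{scheme}` prefix such as `{crypt}` or `{md5}` or is stored unhashed. It assumes the RFC 2307 convention that a `{md5}` value is the base64 of the raw digest, and that the LDIF has unfolded lines and plain `dn:` values; the function names and sample entries are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)

def split_scheme(value):
    """Return (scheme, rest); scheme is None when there is no {scheme} prefix."""
    m = SCHEME_RE.match(value)
    return (m.group(1).lower(), m.group(2)) if m else (None, value)

def md5_value(password):
    """Build a {md5} value: base64 of the raw MD5 digest (RFC 2307 convention)."""
    digest = hashlib.md5(password.encode()).digest()
    return "{md5}" + base64.b64encode(digest).decode()

def verify_md5(stored, candidate):
    """Check a candidate password against a stored {md5} value."""
    scheme, rest = split_scheme(stored)
    if scheme != "md5":
        raise ValueError("not an {md5} value")
    digest = hashlib.md5(candidate.encode()).digest()
    return hmac.compare_digest(base64.b64decode(rest), digest)

def audit_ldif(ldif):
    """Map each DN to its userPassword scheme, or 'cleartext' if unprefixed."""
    findings, dn = {}, None
    for line in ldif.splitlines():
        if line.startswith("dn:"):
            dn = line[3:].strip()
        elif line.lower().startswith("userpassword:"):
            raw = line[len("userpassword:"):]
            if raw.startswith(":"):  # "::" marks a base64-encoded value
                value = base64.b64decode(raw[1:].strip()).decode("utf-8", "replace")
            else:
                value = raw.strip()
            findings[dn] = split_scheme(value)[0] or "cleartext"
    return findings

# Constructed sample export (names and passwords are made up for this example).
_crypt_b64 = base64.b64encode(b"{crypt}xxxyyyzzy").decode()
SAMPLE_LDIF = (
    "dn: uid=alice,dc=example,dc=org\n"
    f"userPassword: {md5_value('secret')}\n\n"
    "dn: uid=bob,dc=example,dc=org\n"
    f"userPassword:: {_crypt_b64}\n\n"
    "dn: uid=carol,dc=example,dc=org\n"
    "userPassword: secret\n"
)

if __name__ == "__main__":
    print(audit_ldif(SAMPLE_LDIF))
```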