[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: URL binding.

To: "Stewart, Jeffrey E" <Jeffrey.Stewart@JSF.Boeing.com>
Subject: Re: URL binding.
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 03 Nov 2000 09:58:28 -0800
Cc: "'openldap-general@OpenLDAP.org'" <openldap-general@OpenLDAP.org>
In-reply-to: <414721C6C2D0D111B37C00805FE6ABBD0203B262@xch-jsf-01.ds.boe ing.com>

At 09:36 AM 11/3/00 -0800, Stewart, Jeffrey E wrote:
>RFC2255 references the ability to bind using the "bindname" extension, but
>it does not reference how to pass a password.

Because you shouldn't pass a password around in a URL.
If a bindname is present, the client should prompt for
the password when needed.  Of course, the client should
not use simple bind unless adequate security protections
are in place.

Kurt

Prev by Date: URL binding.
Next by Date: book
Index(es):
- Chronological
- Thread