Re: access control puzzlement
On Tue, 11 May 1999, Eric S. Johansson wrote:
> for example: if a client binds to dn: ou=Garnet,ou=jewelry,ou=store, the
> expectation is that Garnet is a node with the attribute userpassword and
> that password is used as part of the authentication for
> changing/reading/comparing attributes in that dn. Correct?
That's right on.
> >The first rule is to make sure that people browsing the directory don't see
> >others' passwords.
> that's a good thing to point out. It's obvious to anyone with any security
> experience but it's not obvious to all.
And not particularly obvious until you notice it in a search result, and
suddenly realize that userpassword is just an attribute, like any one
else. Just happens to be pretty confidential stuff.
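
The check described in this thread (spotting userpassword in a search result) can be automated as an audit of your own directory. The following is an added example, not part of the original message: it parses LDIF text such as an anonymous search would return and lists every entry whose result includes a userPassword value. The sample LDIF, the Opal and Ruby entries, and the password values are constructed for illustration.

```python
import base64

# Constructed sample: LDIF as an anonymous search might return it when no
# access rule protects userPassword. Values are made up for this example.
SAMPLE_LDIF = """\
dn: ou=Garnet,ou=jewelry,ou=store
ou: Garnet
userPassword:: e1NIQX1jb25zdHJ1Y3RlZA==

dn: ou=Opal,ou=jewelry,ou=store
ou: Opal
description: folded line that conti
 nues on the next line

dn: ou=Ruby,ou=jewelry,ou=store
ou: Ruby
USERPASSWORD: constructed-cleartext
"""

def parse_ldif(text):
    """Return [(dn, {attr_lower: [bytes, ...]})], unfolding continuation lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]            # LDIF continuation: drop one space
        elif not raw.startswith("#"):       # skip comment lines
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line:                        # blank line ends an entry
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, rest = line.partition(":")
        # "attr:: value" carries base64; "attr: value" is plain text
        value = (base64.b64decode(rest[1:].strip()) if rest.startswith(":")
                 else rest.strip().encode())
        name = name.split(";")[0].lower()   # drop options, fold case
        if name == "dn":
            dn = value.decode()
        else:
            attrs.setdefault(name, []).append(value)
    return entries

def exposed_passwords(text):
    """Return [(dn, kind)] for every userPassword value visible in the result."""
    return [(dn, "scheme-prefixed" if v.startswith(b"{") else "cleartext")
            for dn, attrs in parse_ldif(text)
            for v in attrs.get("userpassword", [])]
```

An empty list from `exposed_passwords` on the output of an unauthenticated search is the result you want; any entry it returns means the attribute is readable by people browsing the directory.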