[Date Prev][Date Next] [Chronological] [Thread] [Top]


Hi again,

another question regarding authentication: If I use ssfs to make my users
athenticate via secure (e.g. ssl) connections, is there any chance that
passwords get transmitted in clear across the wire? Currently I got 
something like that in my slapd.conf:

defaultaccess: none

access to cn="cn=.*,o=org,c=de" filter=(objectClass=person) attr=userPassword
    by dn="cn=Manager,o=org,c=de" ssf=112 write
    by self ssf=112 =w
    by * ssf=112 =x

Now a user might decide to authenticate using normal ldap through port
389. If I understood correctly, the password will be transmitted to the
server in clear text who hashes it and the compares it with its stored one
just to deny the user on base of the ssf. But what I want is that the user
can only initiate a authentification across ssl-connections and normal
ldap should never come so far transmitting a password. Can someone make me
get it? ;)
bye, Micha