[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Kerberos and DIGEST-MD5

To: "Jose Gonzalez Gomez" <jgonzalez@opentechnet.com>
Subject: Re: Kerberos and DIGEST-MD5
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Tue, 27 Jul 2004 22:56:42 +0200 (CEST)
Cc: openldap-software@OpenLDAP.org
Importance: Normal
In-reply-to: <410647C9.6020009@opentechnet.com>
References: <410647C9.6020009@opentechnet.com>
User-agent: SquirrelMail/1.4.3a-1

>     So what's the problem? It seems that to build a LDAPv3 compliant
> server I must provide DIGEST-MD5 authentication to the LDAP server, and
> this is what I don't know how to achieve in a clean manner. In order to
> have DIGEST-MD5 working I must have a clear text password stored
> somewhere (correct me if I'm wrong), but it seems that Kerberos doesn't
> have it, or I don't know how to use it in the DIGEST-MD5 authentication
> process. It seems that Cyrus SASL *does need* this password stored in
> its sasldb2 database to be able to successfully offer DIGEST-MD5, but
> this would mean that I'd have duplicated information and I'd have to
> sync both databases (Kerberos and SASL) whenever a password change
> occurs. So, am I missing anything here? Is there any clean solution for
> this?

No clear answer to your question; only, I note that you *don't need* a
cleartext password in sasldb2; it can be in the directory (yet in
cleartext).

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

References:
- Kerberos and DIGEST-MD5
  - From: Jose Gonzalez Gomez <jgonzalez@opentechnet.com>

Prev by Date: Re: authentication by openldap
Next by Date: Re: Kerberos and DIGEST-MD5
Index(es):
- Chronological
- Thread