
Re: Debugging a user authentication

Andrew Findlay writes:
> (1): The latest LDAP spec introduced pwprep to solve this problem,
> but hardly anything implements it yet. It will be many years before
> you can depend on common LDAP clients doing it properly.

It's not just a client-side issue.  Most sites store a password hash in
their server rather than the cleartext password.  That means the client
needs to encode the password with the same character encoding and
preparation as whatever hashed the server-side password.  (E.g. the
/etc/passwd program.)  Or the server needs to prepare cleartext
passwords it receives from the client the same way, but it's likely a
bad idea for the server to e.g. assume client passwords are latin-1 and
convert to UTF-8.
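To illustrate the mismatch described above, here is an added example (not part of the original thread): the server stores a hash of the password bytes exactly as its own program encoded and prepared them, so a client that uses a different charset or skips preparation never matches, and a server that guesses Latin-1 and transcodes to UTF-8 corrupts input that already was UTF-8. Assumptions: salted PBKDF2-SHA256 stands in for whatever hash the site uses, NFKC normalisation approximates the kind of preparation step pwprep is meant to provide, and the passwords and salt are constructed.

```python
import hashlib
import unicodedata

ITERATIONS = 10_000  # kept low for the demo; constructed value, not a recommendation


def prepare(password: str, normalize: bool) -> str:
    """Stand-in for a pwprep-style step: NFKC normalisation only (assumption; the
    real profiles also map, prohibit and bidi-check characters)."""
    return unicodedata.normalize("NFKC", password) if normalize else password


def make_record(password: str, encoding: str, normalize: bool, salt: bytes) -> dict:
    """What the server-side program (the post's passwd example) stores: a salted hash of the bytes as *it* encoded/prepared them."""
    pw_bytes = prepare(password, normalize).encode(encoding)
    return {"salt": salt, "hash": hashlib.pbkdf2_hmac("sha256", pw_bytes, salt, ITERATIONS)}


def verify(record: dict, client_bytes: bytes) -> bool:
    """The server only sees raw bytes; it cannot tell which encoding or preparation produced them."""
    return hashlib.pbkdf2_hmac("sha256", client_bytes, record["salt"], ITERATIONS) == record["hash"]


def naive_latin1_to_utf8(client_bytes: bytes) -> bytes:
    """The server-side guess the post warns against: assume Latin-1, transcode to UTF-8."""
    return client_bytes.decode("latin-1").encode("utf-8")


def is_valid_utf8(data: bytes) -> bool:
    try:
        data.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


def demo() -> dict:
    salt = b"constructed-fixed-salt"  # constructed; a real store uses a random per-user salt
    nfc_pw = "p\u00e4ssword"   # ä as the precomposed U+00E4
    nfd_pw = "pa\u0308ssword"  # the same word typed as a + combining diaeresis
    latin1_store = make_record(nfc_pw, "latin-1", normalize=False, salt=salt)
    utf8_store = make_record(nfc_pw, "utf-8", normalize=True, salt=salt)
    return {
        # Latin-1 hash on the server: a UTF-8 client is rejected, a Latin-1 one accepted.
        "latin1_store_utf8_client": verify(latin1_store, nfc_pw.encode("utf-8")),
        "latin1_store_latin1_client": verify(latin1_store, nfc_pw.encode("latin-1")),
        # UTF-8 + prepared hash: the client must prepare the same way, or NFD input fails.
        "utf8_store_unprepared_nfd_client": verify(utf8_store, nfd_pw.encode("utf-8")),
        "utf8_store_prepared_nfd_client": verify(utf8_store, prepare(nfd_pw, True).encode("utf-8")),
        # Guessing Latin-1 on the server mangles a client that already sent UTF-8 ...
        "latin1_guess_breaks_utf8_client": verify(utf8_store, naive_latin1_to_utf8(nfc_pw.encode("utf-8"))),
        # ... while genuine Latin-1 bytes for ä are not even well-formed UTF-8.
        "latin1_bytes_are_valid_utf8": is_valid_utf8(nfc_pw.encode("latin-1")),
    }
```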