[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Debugging a user authentication

Hallvard B Furuseth wrote:
Howard Chu writes:

[Pulling last line up front]
userPassword is a string of *octets* not *characters*...

This is backwards. That simply means anything can be stored there - so password charset policy, if any, is up to whoever stores userPassword values.

Yupp. And this lead to interop problems.

 As in fact RFC 4519 2.41 paragraph 2 says:

   2.41.  'userPassword'
   The application SHOULD prepare textual strings used as passwords
   by transcoding them to Unicode, applying SASLprep [RFC4013], and
   encoding as UTF-8.  The determination of whether a password is
   textual is a local client matter.

And that was good progress!

This has been debated on ietf-ldapbis:
(The "References" and "Follow-Ups" links are not complete in this archive. You have to sometimes click on "Next by Date".)

Ciao, Michael.