[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Many passwords

To: "Dan Weinreb" <dlw@exceloncorp.com>
Subject: Re: Many passwords
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 07 Feb 2001 16:59:21 -0800
Cc: openldap-general@OpenLDAP.org
In-reply-to: <200102072223.RAA21223@sparcbert.odi.com>

At 05:23 PM 2/7/01 -0500, Dan Weinreb wrote:
>In general, a person may have many different passwords, for
>authenticating himself or herself to different Internet hosts or
>different applications (database systems on database servers, etc).
>The userPassword attribute of the standard LDAPv3 schemas (RFC 2256)
>is multi-valued, but simply providing a set of passwords isn't good
>enough since it doesn't say which password is for which
>host/application.  The same is true of userCertificate.

userPassword allows multiple passwords for the user without
regard to application.  That is, the user should be able to
any of the passwords with any application using the userPassword
attribute.  They are not meant to be tied to specific applications.

>How is this handled?  Is each value of userPassword treated as
>compound entry that specifies both the password and what it's a
>password for (ugh!)?

No.

Of course, one only needs one password to authenticate a user.
But that's another issue.

Kurt

References:
- Many passwords
  - From: Dan Weinreb <dlw@exceloncorp.com>

Prev by Date: Re: Many passwords
Next by Date: Re: Many passwords
Index(es):
- Chronological
- Thread