directory-dev mailing list archives

From Mark Swanson <>
Subject Re: auth howto?
Date Sun, 05 Dec 2004 00:35:37 GMT
On December 4, 2004 6:38 pm, Enrique Rodriguez wrote:
> Alex Karasulu wrote:
> > For the security principal just make sure you use a DN to an entry that
> > has a userPassword field.  Right now the password is not using hashes
> > like md5 or crypt.  It's all clear text as a byte[].  We can change this
> > and need to soon but not in this release.
> >
> > You have anything particular in mind or any use cases you need taken
> > care of?
> My question, too, Mark.  How would you want it to work?
> When I first developed the Kerberos server it was against OpenLDAP with
> SASL-GSSAPI enabled in JNDI to do high QoP and mutual auth.  My plan was
> to help Alex add that to Eve's LDAP.  It would require you to run
> Kerberos, though.  But, we'll make that pretty easy to do with our
> integrated Kerberos/LDAP/Eve build.

I have one simple requirement: allow [email] clients to access (read_only) only
their own addresses.

So, if I have: cn=John Smith,ou=contacts,uid=50,dc=test,dc=com then only by 
using the password "john0123" (because uid has an attribute of "userPassword" 
with a value of "john0123") will you have access to the contacts list.

Is this doable with the existing userPassword mechanism? 
Does Outlook/Thunderbird/KMail/Evolution/etc... allow the clear text 

Thank you.

BTW, in case you're wondering about updates; that's done using the 
ScheduleWorld client talking to the server, and the server is running Eve
embedded so there are no access/auth issues there.

(I can't wait to test the speed of the embedded JNDI mechanism)


Free SyncML-capable J2ME & J2SE replacement for Exchange and Outlook
