directory-dev mailing list archives

From Stefan Zoerner <ste...@labeo.de>
Subject Re: [SASL] SASL plan
Date Tue, 06 Mar 2007 14:49:13 GMT
Alex Karasulu wrote:
> Stefan Zoerner last year hooked up a way to use digested passwords in the
> userPassword field I think.  I wonder if there could be issues with SASL and
> this mechanism if the password value in the entry is already really a digest
> rather than the password itself in plain text.  Just wanted to mention a
> potential problem here.  I guess you can just check if {SHA1} {MD5} prefixes
> are present in the password value before performing the test.  If it is then
> if the digest algo matches then just compare the supplied value with the
> digest values stored.

You are right, Alex. The feature is described (from a user's point of 
view) here:

http://directory.apache.org/apacheds/1.0/31-authentication-options.html

But the server does not digest passwords on its own account; the user 
(or his tools) has to calculate the value and transmit it. I still plan 
to write a simple interceptor as an example for the docs, which does 
exactly this, but this is another story.

Digesting userPassword values in conjunction with SASL DIGEST won't 
work; we should clarify this in the documentation.

Greetings from Hamburg,
     Stefan
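
The incompatibility discussed in this message, as an added example that is not part of the original post and is not ApacheDS code: a simple bind can be verified against a prefixed digest, but a SASL DIGEST-MD5 response (computed here as in RFC 2831 with qop=auth) cannot be reproduced from it. The function names and all sample values (user, realm, nonces, password) are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Prefix -> hashlib name. {SHA} is the RFC 2307 spelling; {SHA1} is accepted
# too because the message above writes it that way.
SCHEMES = {"SHA": "sha1", "SHA1": "sha1", "MD5": "md5"}

def store_digested(password, scheme="SHA"):
    """Build the "{SCHEME}base64(digest)" value a client would write to userPassword."""
    raw = hashlib.new(SCHEMES[scheme], password.encode()).digest()
    return "{%s}%s" % (scheme, base64.b64encode(raw).decode())

def simple_bind_ok(stored, supplied):
    """Simple bind: check the prefix, hash the supplied password, compare digests."""
    if stored.startswith("{") and "}" in stored:
        scheme, b64 = stored[1:].split("}", 1)
        algo = SCHEMES.get(scheme.upper())
        if algo is None:
            return False  # unknown scheme: refuse rather than guess
        candidate = hashlib.new(algo, supplied.encode()).digest()
        return hmac.compare_digest(candidate, base64.b64decode(b64))
    return hmac.compare_digest(stored.encode(), supplied.encode())

def digest_md5_response(secret, user, realm, nonce, cnonce, nc, digest_uri):
    """RFC 2831 response (qop=auth, no authzid) computed from `secret`."""
    urp = hashlib.md5(f"{user}:{realm}:{secret}".encode()).digest()
    ha1 = hashlib.md5(urp + f":{nonce}:{cnonce}".encode()).hexdigest()
    ha2 = hashlib.md5(f"AUTHENTICATE:{digest_uri}".encode()).hexdigest()
    return hashlib.md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}".encode()).hexdigest()

def demo():
    # Constructed sample values, not taken from the message or from ApacheDS.
    ctx = dict(user="alice", realm="example.com", nonce="OA6MG9tEQGm2hh",
               cnonce="OA6MHXh6VqTrRk", nc="00000001", digest_uri="ldap/localhost")
    stored = store_digested("secret")                  # entry holds only the digest
    client = digest_md5_response("secret", **ctx)      # client knows the password
    server_plain = digest_md5_response("secret", **ctx)
    server_digested = digest_md5_response(stored, **ctx)  # best the server can do
    return (simple_bind_ok(stored, "secret"),   # True
            client == server_plain,             # True
            client == server_digested)          # False

if __name__ == "__main__":
    print(demo())
```

To verify the response the server needs either the cleartext password or a stored MD5(user:realm:password); a {SHA} or {MD5} digest of the password alone provides neither.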

