directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Karasulu" <akaras...@apache.org>
Subject Re: [SASL] SASL plan
Date Tue, 06 Mar 2007 16:27:56 GMT
Hi Stefan,

Thanks for chimming in with the additional info.  It might come in handy for

what Enrique is working on.

Alex

On 3/6/07, Stefan Zoerner <stefan@labeo.de> wrote:
>
> Alex Karasulu wrote:
> > Stefan Zoerner last year hooked up a way to use digested passwords in
> the
> > userPassword field I think.  I wonder if there could be issues with SASL
> > and
> > this mechanism if the password value in the entry is already really a
> digest
> > rather than the password itself in plain text.  Just wanted to mention a
> > potential
> > problem here.  I guess you can just check if {SHA1} {MD5} prefixes are
> > present
> > in the password value before performing the test.  If it is then if the
> > digest algol
> > matches then just compare the supplied value with the digest values
> stored.
>
> You are right, Alex. The feature is described (from a user's point o
> view) here:
>
> http://directory.apache.org/apacheds/1.0/31-authentication-options.html
>
> But the server does not digest passwords on his own account, the user
> (or his tools) has to calculate the value and transmit it. I still plan
> to write a simple interceptor as an example for the docs, which exactly
> does this, but this is another story.
>
> Digesting userPassword values in conjunction with SASL DIGEST won't
> work, we should clarify this in the documentation.
>
> Greetings from Hamburg,
>      Stefan
>
>

Mime
View raw message