From: suresh ramamurthy
To: Kiran Ayyagari, "users@directory.apache.org"
Date: Mon, 18 Feb 2013 11:39:28 -0800 (PST)
Subject: Re: Can we send SHA of password as the credential for LDAP authentication..

Hi Kiran,

Thank you very much for your response....

--Suresh

________________________________
From: Kiran Ayyagari
To: users@directory.apache.org; suresh ramamurthy
Sent: Friday, February 15, 2013 10:30 PM
Subject: Re: Can we send SHA of password as the credential for LDAP authentication..

On Sat, Feb 16, 2013 at 7:51 AM, suresh ramamurthy wrote:

> Hi..
>
> We have a requirement to not send clear text as the credential for LDAP bind operation.
>
> So, we store SHA of the password in the Apache DS LDAP server and we would like to send the SHA of the password from client as the user credential for LDAP authentication. For example, we can set the password as {SHA}blah..blah...
>
> Is it possible to configure Apache DS to ignore hash conversion of the input password and just compare the password with LDAP DB?
>
> I googled for a couple of days and I also looked in the Apache DS code and found that during bind operation, input password is hashed using the algorithm stored along with the password in LDAP DB and then the result is compared.
>
> Can anyone please shed light on this and let me know if we can send SHA of the password from client instead of the real password for LDAP authentication.
> Also, is this a valid approach or sending clear password from client is the only approach (assuming ssl is enabled..)
>

this is not the correct way to perform bind operation with the server, use startTLS with clear text password

> Thanks,
> Suresh

-- 
Kiran Ayyagari
http://keydap.com
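
The bind check discussed in this thread, as an added example that is not part of the original messages and is not ApacheDS code: it contrasts the hash-then-compare check the question describes with the hypothetical "skip hashing" comparison being asked for. The function names and the sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac

PREFIX = "{SHA}"

def make_sha_userpassword(password: str) -> str:
    """Build a userPassword value of the form {SHA}base64(sha1(password))."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return PREFIX + base64.b64encode(digest).decode("ascii")

def verify_hash_then_compare(stored: str, credential: bytes) -> bool:
    """Check described in the thread: hash the received credential with the
    algorithm named in the stored value, then compare the digests."""
    if not stored.startswith(PREFIX):
        raise ValueError("this sketch only handles {SHA} values")
    expected = base64.b64decode(stored[len(PREFIX):])
    return hmac.compare_digest(hashlib.sha1(credential).digest(), expected)

def verify_direct_compare(stored: str, credential: bytes) -> bool:
    """Hypothetical mode the question asks for: no hashing on the server,
    the received bytes are compared with the stored value as-is."""
    return hmac.compare_digest(stored.encode("ascii"), credential)

def demo() -> dict:
    password = "correct horse"                 # constructed sample password
    stored = make_sha_userpassword(password)   # what the directory holds
    return {
        # Normal simple bind: client sends the password (inside TLS).
        "password_vs_hashing_server": verify_hash_then_compare(
            stored, password.encode("utf-8")),
        # Client sends the hash to a normal server: it is hashed again, so it fails.
        "hash_vs_hashing_server": verify_hash_then_compare(
            stored, stored.encode("ascii")),
        # Server skips hashing: the stored value itself is now the credential,
        # so whoever can read userPassword or observe the wire can bind with it.
        "hash_vs_direct_server": verify_direct_compare(
            stored, stored.encode("ascii")),
        # In that mode the real password no longer authenticates.
        "password_vs_direct_server": verify_direct_compare(
            stored, password.encode("utf-8")),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {ok}")
```

With direct comparison the hash protects nothing in transit or at rest, which is why the reply points to startTLS with the clear-text password instead.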