
Re: comments to draft-ietf-ldapbis-authmeth-04.txt



Hallvard B Furuseth wrote:

Alexey Melnikov writes:

Hallvard B Furuseth wrote:

Section 3.9 "Storing passwords" says: if this password file is compromised, then an attacker gains immediate access to documents on the server using this realm. I don't see what 'files' means in LDAP context.

password storage.


Sorry, I meant 'documents on the server', not 'files'.  'files' was from
my private notes, with some misquoting...

That is, does this mean that one can authenticate as anyone in the password
file if the password file is compromised?

Yes, the same way as if you have all passwords in the clear. However,
1) these hashes are not good for other servers, even if the same user has an account and uses the same password. They are effectively "salted" with the realm, which will in most cases be different;
2) changing the realm used by the compromised server should disallow access to anyone.


Also, I believe it is possible to store a salted version of the hash, assuming the server always generates a nonce-value that uses the salt as the prefix. But of course this salted hash will be different from traditional UNIX salted hashes.


Alexey
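The realm-binding described in points 1) and 2) above, worked through as an added example (not code from the draft or from either poster). It assumes the stored value is the DIGEST-MD5 (RFC 2831) secret H(username:realm:password), and that the server verifies a client response from that stored value alone; the user, realms, nonces and password are constructed sample values.

```python
import hashlib
import hmac

# Constructed example values (not from the thread).
NONCE, CNONCE, NC, QOP = "srvnonce1234", "clinonce5678", "00000001", "auth"
URI = "ldap/ldap.example.com"


def stored_secret(username: str, realm: str, password: str) -> bytes:
    """What the server keeps per user: H(username:realm:password) as 16 raw bytes (RFC 2831)."""
    return hashlib.md5(f"{username}:{realm}:{password}".encode("utf-8")).digest()


def digest_response(secret: bytes, nonce: str, cnonce: str, nc: str, qop: str, uri: str) -> str:
    """RFC 2831 response-value, computed from the realm-bound secret, never from the password.

    A1 = H(user:realm:password) ":" nonce ":" cnonce
    A2 = "AUTHENTICATE:" digest-uri
    response = HEX(H(HEX(H(A1)) ":" nonce ":" nc ":" cnonce ":" qop ":" HEX(H(A2))))
    """
    ha1 = hashlib.md5(secret + f":{nonce}:{cnonce}".encode("utf-8")).hexdigest()
    ha2 = hashlib.md5(f"AUTHENTICATE:{uri}".encode("utf-8")).hexdigest()
    return hashlib.md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode("utf-8")).hexdigest()


def client_response(username: str, realm: str, password: str) -> str:
    """Client side: derives the same secret from the password it knows and the realm it was offered."""
    return digest_response(stored_secret(username, realm, password), NONCE, CNONCE, NC, QOP, URI)


def server_accepts(secret: bytes, response: str) -> bool:
    """Server side: only the stored secret is needed to check the response (constant-time compare)."""
    expected = digest_response(secret, NONCE, CNONCE, NC, QOP, URI)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    """Shows the two properties from the thread for one constructed user."""
    user, password = "alice", "correct horse battery"
    ldap_secret = stored_secret(user, "ldap.example.com", password)
    mail_secret = stored_secret(user, "mail.example.com", password)   # same password, other realm
    return {
        # 1) the stored value is bound to its realm, so it is useless against another server's realm
        "secrets_differ_per_realm": ldap_secret != mail_secret,
        "accepted_in_own_realm": server_accepts(ldap_secret, client_response(user, "ldap.example.com", password)),
        # 2) after the server changes its realm, every hash stored under the old realm stops verifying
        "old_secret_after_realm_change": server_accepts(ldap_secret, client_response(user, "ldap2.example.com", password)),
    }
```

The third result being False is the point of 2): a leaked store of H(username:realm:password) values is tied to one realm name, and rotating that name invalidates the whole store at once.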