Re: Schema: encrypted 8-bit userPassword and SASLprep
Kurt D. Zeilenga writes:
>At 04:09 AM 9/12/2003, Hallvard B Furuseth wrote:
>>[Schema] 2.41 (userPassword) says:
>>
>> The application SHOULD prepare textual strings used as passwords
>> by transcoding them to Unicode, applying SASLprep [SASLprep], and
>> encoding as UTF-8.
>
> s/application/client/
>
> The intent here was to recommend that clients prepare textual
> passwords before storing them or using them (to improve
> interoperability).
Huh? If clients do that but servers don't, the passwords won't match.
> Note that it is not a mandate. It is a recommendation.
Sure, but if implementations follow that recommendation, sites with
servers using Unix /etc/passwd passwords are in trouble. Unless they
also follow a recommendation to allow this to be turned off.
It applies to Windows servers too, I think - though passwords there are
apparently so easy to break that servers almost could do it during the
bind operation:-(
--
Hallvard
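
The mismatch described in this message, as an added example that is not part of the original post: a server that hashes raw 8-bit password octets, as crypt(3) does for /etc/passwd, stops matching once a client transcodes to Unicode, applies SASLprep and sends UTF-8. Assumptions: SASLprep as later published in RFC 4013, passwords originally typed at an ISO-8859-1 terminal, salted SHA-256 standing in for crypt(3), and hypothetical function names.

```python
import hashlib
import hmac
import stringprep
from unicodedata import ucd_3_2_0  # stringprep is defined over Unicode 3.2

PROHIBITED = (  # RFC 4013 section 2.3, plus A.1 (unassigned) for stored strings
    stringprep.in_table_a1, stringprep.in_table_c12, stringprep.in_table_c21_c22,
    stringprep.in_table_c3, stringprep.in_table_c4, stringprep.in_table_c5,
    stringprep.in_table_c6, stringprep.in_table_c7, stringprep.in_table_c8,
    stringprep.in_table_c9,
)

def saslprep(text: str) -> str:
    """SASLprep for a stored string: map, NFKC-normalise, prohibit, bidi check."""
    # Map: B.1 characters are dropped, non-ASCII spaces (C.1.2) become U+0020.
    mapped = "".join(" " if stringprep.in_table_c12(c) else c
                     for c in text if not stringprep.in_table_b1(c))
    out = ucd_3_2_0.normalize("NFKC", mapped)
    if any(check(c) for c in out for check in PROHIBITED):
        raise ValueError("prohibited or unassigned code point")
    if any(stringprep.in_table_d1(c) for c in out):  # RFC 3454 section 6
        if (any(stringprep.in_table_d2(c) for c in out)
                or not stringprep.in_table_d1(out[0])
                or not stringprep.in_table_d1(out[-1])):
            raise ValueError("bidi rule violated")
    return out

def client_prepare(raw: bytes, charset: str = "iso-8859-1") -> bytes:
    """What a client following the [Schema] recommendation puts on the wire."""
    return saslprep(raw.decode(charset)).encode("utf-8")

def legacy_hash(salt: bytes, octets: bytes) -> bytes:
    # Stand-in for crypt(3): like it, this hashes the raw octets, unprepared.
    return hashlib.sha256(salt + octets).digest()

def legacy_verify(stored: bytes, salt: bytes, presented: bytes) -> bool:
    return hmac.compare_digest(stored, legacy_hash(salt, presented))

if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample values throughout
    for raw in (b"secret", b"p\xe4ssword", b"soft\xadhyphen", b"a\xa0b"):
        stored = legacy_hash(salt, raw)  # set long ago at an 8-bit terminal
        sent = client_prepare(raw)       # what the preparing client now sends
        ok = legacy_verify(stored, salt, sent)
        print(raw, "->", sent, "match" if ok else "MISMATCH")
```

Only the pure-ASCII password survives preparation unchanged; a server that wants to interoperate with preparing clients has to apply the same preparation when the password is stored as well as when it is checked.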