
authmeth: passwords in the clear
authmeth-10 says:

> 11. General Requirements for Password-based Authentication
> (...)
>   To mitigate the security risks associated with the use of passwords, 
>   a server implementation MUST implement a configuration that at the 
>   time of authentication or password modification, requires: 
>
>      1) A Start TLS encryption layer has been successfully negotiated. 
>
>       OR 
>
>      2) Some other confidentiality mechanism that protects the password 
>         value from snooping has been provided. 
>
>       OR 

This should only apply to cleartext passwords, not e.g. modifications of
attributes that contain encrypted passwords.  I suppose that can be
considered a 'confidentiality mechanism' as in (2) so this case is
covered, but confidentiality mechanisms elsewhere in the draft do not
refer to that, only to things like TLS or SASL layers.

It's not just modifications.  It's any operation which involves
passwords, e.g. compare.

Finally, as I said in the thread about this, we cannot mandate this for
other operations than bind, because a gateway server may not know which
attributes contain passwords (other than userPassword).  You could use
"MUST" protect cleartext bind passwords, and "SHOULD" protect other
cleartext passwords.

-- 
Hallvard
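
As an added illustration, not part of this post or of the authmeth draft, the policy split Hallvard proposes can be expressed as a server-side gate evaluated before any password value is examined: a simple bind carrying a cleartext password is refused on an unprotected connection (MUST), while compare or modify on attributes the server knows hold passwords is refused only under a configurable SHOULD-level setting, since a gateway can only be sure about userPassword. The connection-state fields, attribute set and function names are assumptions; the result code confidentialityRequired (13) is the one defined in RFC 4511.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

# LDAP resultCode values from RFC 4511.
SUCCESS = 0
CONFIDENTIALITY_REQUIRED = 13

# Attributes this server knows may carry cleartext password values.
# userPassword is the only one a gateway can rely on; anything else
# would be a deployment-specific assumption.
KNOWN_PASSWORD_ATTRS: FrozenSet[str] = frozenset({"userpassword"})


@dataclass
class ConnState:
    """Assumed per-connection security state."""
    tls_active: bool = False            # Start TLS layer negotiated
    sasl_ssf: int = 0                   # SASL security layer strength
    # SHOULD-level knob: protect non-bind operations on password attributes.
    protect_other_password_ops: bool = True


def has_confidentiality(c: ConnState) -> bool:
    """Option (1) TLS, or option (2) some other confidentiality layer."""
    return c.tls_active or c.sasl_ssf > 0


def check_operation(c: ConnState, op: str, attr: Optional[str] = None,
                    cleartext_password: bool = True) -> int:
    """Result code the server answers with before looking at the credential.

    cleartext_password=False covers an anonymous (empty) bind or a
    modify/compare whose value is already a hashed/encrypted password,
    which the post treats as already covered.
    """
    if has_confidentiality(c) or not cleartext_password:
        return SUCCESS
    if op == "bind":                    # MUST: cleartext bind password
        return CONFIDENTIALITY_REQUIRED
    if op in ("compare", "modify", "add") and attr \
            and attr.lower() in KNOWN_PASSWORD_ATTRS:
        # SHOULD: other operations on a known password attribute
        return CONFIDENTIALITY_REQUIRED if c.protect_other_password_ops else SUCCESS
    return SUCCESS                      # unknown attributes pass through
```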