[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Authentication Methods for LDAP - last call
Mark,
If an enterprise chooses to adopt authentication scheme X,
then only clients that support this scheme will
interoperate with servers in that enterprise. We are NOT
going to force CRAM-MD5 onto all enterprises.
Interoperability really is bogus in this case.
Steve
On Sun, 02 Aug 1998 12:28:49 -0500 Mark Wahl
<M.Wahl@INNOSOFT.COM> wrote:
>
> > Therefore, such implementations MUST support some secure form of
> > authentication. Two such examples are CRAM-MD5 and certificates.
>
> While I understand the sentiment, this statement is not strong enough
> to ensure that different implementations will interoperate when vendors
> pick different forms. Therefore clauses (2) and (3) are distinct:
> (2) gives the minimum interoperability without passwords-in-the-clear
> guarantee, and (3) describes how Start TLS can be used for providing
> additional robust services with or without passwords.
>
> Mark Wahl, Directory Product Architect
> Innosoft International, Inc.
>
>