[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: LDAPDN and AuthMeth/DIGEST-MD5



At 08:20 PM 11/18/99 -0800, Paul Leach (Exchange) wrote: 
> I strenuously object to any LDAP-specific authentication protocol being required. 

Well, LDAP already specifies LDAP-specific authentication methods.
Though SASL is nice and wonderful, it's not a cure all.  Neither
is traditional LDAP authentication.  Neither is PKI.

LDAP is flexible enough to support all these approaches and more.
It's our responsibility to provide this flexibility in a secure
manner.

I believe that we must specify a LDAP secure bind method
for use with LDAP DN authorization identities as LDAP DN
based authentication is an integral part of LDAP.