[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: LDAPDN and AuthMeth/DIGEST-MD5
My terminology was off and I confused A1 with the stored
hash. I'll try to clarify my comments.
At 05:53 PM 11/21/99 -0800, you wrote:
> No. It can store
> H( { username-value, ":", realm-value, ":", passwd }
> which is what was intended to be precomputed, not A1.
If the user provided identity (username-value) is an
LDAP DN, this cannot be precomputed unless both client
and server agree on a canonical string encoding for
DNs. Without such an agreement, the password would
have to be stored in clear text.
From previous discussions, you noted that use of LDAPDN
format user identities was inappropriate for SASL based
authentication. This may be true. However, it does
leave AuthMeth without providing a secure mechanism for
authenticating users who provide LDAPDN identities. Such
a mechanism is needed and, IMO, AuthMeth should not be
progressed without such a mechanism.
Kurt