[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Comments on draft-zeilenga-ldap-authpasswd-01.txt
At 01:27 PM 2/15/00 -0800, Bob Joslin wrote:
>I may be a bit green in understanding DIGEST-MD5, but why would having an
>already-hashed password help an LDAP server implement DIGEST-MD5 SASL binds?
DIGEST-MD5 is designed such that servers need not store the clear
text password; they may store a derived value instead. The
authPassword draft describes how this derived value (with
other information useful in implementing the mechanism) may
be stored in the directory. See DIGEST-MD5, Section 3.9.
>As Mark Smith pointed out, you omitted "crypt". I reviewed your reply but
>still think we would like to see your draft mention "crypt."
This document is intended for the standard track. Inclusion
of a crypt scheme, IMO, is incompatible with this intent for
reasons previously stated. I beleive it appropriate to handle
introduction of a crypt scheme as an extension described by a
separate document not on the standard track.