[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: userPassword compare fix

To: openldap-devel@OpenLDAP.org
Subject: Re: userPassword compare fix
From: David Boreham <david_list@boreham.org>
Date: Wed, 25 Jan 2006 08:30:20 -0700
In-reply-to: <aa7373470601250520l13af1dd3w@mail.gmail.com>
References: <aa7373470601240750h6aea1278j@mail.gmail.com> <7.0.0.16.0.20060124094033.03912538@OpenLDAP.org> <43D682E9.4040509@boreham.org> <aa7373470601250520l13af1dd3w@mail.gmail.com>
User-agent: Mozilla Thunderbird 1.0 (Windows/20041206)

Oni (Paolo Meschi) wrote:

Thanks for the clarification.

I understood that this behaviour will violate the specifications,
however this should be useful to some people. So the possibility to
compare the userPassword hashed value with a cleartext value, for the
standards sake, should be implemented in an (optional) overlay.

Right?

Ideally the applications that use compare to verify user credentials should
be fixed (use bind instead). My personal opinion is that nothing should be
done to encourage the survival of such broken applications in the wild.

References:
- userPassword compare fix
  - From: "Oni (Paolo Meschi)" <paolo.meschi@gmail.com>
- Re: userPassword compare fix
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: userPassword compare fix
  - From: David Boreham <david_list@boreham.org>
- Re: userPassword compare fix
  - From: "Oni (Paolo Meschi)" <paolo.meschi@gmail.com>

Prev by Date: Re: userPassword compare fix
Next by Date: Re: userPassword compare fix
Index(es):
- Chronological
- Thread