Simple authentication
Can someone point me to a description of how the authentication scheme(s) work in
LDAP?
I cannot see how a simple, password-based method would work securely:
If the password is sent in the clear to the server and hashed there for
comparison with a stored value, the password can be captured en route by a bad entity
and later used in some nefarious way.
If the password is hashed by the client, the password itself is secure (well...)
and the server compares it to the stored hashed value. Again the value can be captured
en route by a bad entity and later used in some nefarious way.
What am I missing here?
Jim Moe
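
The two schemes described in the message above, modeled as an added example that is not part of the original post and is not LDAP wire code. The password, the unsalted SHA-256 storage and the nonce-based HMAC challenge-response shown for contrast are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential; not from the original post.
PASSWORD = b"correct horse"
# What the server keeps on disk (unsalted for brevity; an assumption).
STORED_HASH = hashlib.sha256(PASSWORD).digest()

def server_check_cleartext(wire: bytes) -> bool:
    """Scheme 1: client sends the password; server hashes it and compares."""
    return hmac.compare_digest(hashlib.sha256(wire).digest(), STORED_HASH)

def server_check_client_hash(wire: bytes) -> bool:
    """Scheme 2: client sends hash(password); server compares it directly."""
    return hmac.compare_digest(wire, STORED_HASH)

def new_challenge() -> bytes:
    """Contrast case: server issues a fresh random nonce for every login."""
    return secrets.token_bytes(16)

def client_response(password: bytes, nonce: bytes) -> bytes:
    """Client proves knowledge of the password by keying an HMAC over the nonce."""
    key = hashlib.sha256(password).digest()
    return hmac.new(key, nonce, hashlib.sha256).digest()

def server_check_challenge(nonce: bytes, wire: bytes) -> bool:
    # The stored hash is the HMAC key here, so it is still a
    # password-equivalent at rest and must be protected on the server.
    expected = hmac.new(STORED_HASH, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(wire, expected)

def replay_results() -> dict:
    """Record one legitimate login per scheme, then resubmit the same bytes."""
    recorded_cleartext = PASSWORD
    recorded_hash = hashlib.sha256(PASSWORD).digest()
    first_nonce = new_challenge()
    recorded_response = client_response(PASSWORD, first_nonce)
    assert server_check_challenge(first_nonce, recorded_response)
    next_nonce = new_challenge()  # the server never reuses a nonce
    return {
        "cleartext": server_check_cleartext(recorded_cleartext),
        "client_hash": server_check_client_hash(recorded_hash),
        "challenge_response": server_check_challenge(next_nonce, recorded_response),
    }

if __name__ == "__main__":
    print(replay_results())
```

In both schemes from the message the recorded bytes are accepted again, because the value on the wire never changes between logins; the recorded challenge-response answer fails because it is bound to a nonce the server will not issue twice.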