
Re: Simple authentication



Like about every other Internet protocol, you would have to send the authentication
information encrypted. You could use SSL or SASL. I know someone has written a Kerberos
service for SASL, though I don't know much about it or if it would work with OpenLDAP.

Mark

James M. Moe wrote:

>     Can someone point me to a description of how the authentication scheme(s) work in
> LDAP?
>     I cannot see how a simple, password-based method would work securely:
>     If the password is sent in the clear to the server and hashed there for
> comparison with a stored value, the password can be captured en route by a bad entity
> and later used in some nefarious way.
>     If the password is hashed by the client, the password itself is secure (well...)
> and the server compares it to the stored hashed value. Again the value can be captured
> en route by a bad entity and later used in some nefarious way.
>     What am I missing here?
>
> Jim Moe

--
Mark Wilcox
mewilcox@unt.edu
University of North Texas  (940)565-2568
http://www.unt.edu/
-----------------------personal------------------------
Netscape Developer Champion: Directory Developers Newsgroup
http://people.unt.edu/~mewilcox/
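
The replay concern raised in the question, next to a per-login server challenge (the idea behind challenge-response SASL mechanisms), as an added example that is not part of the original thread. All names, the sample password and the unsalted SHA-256 storage are assumptions made for illustration; this is not OpenLDAP's implementation.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential. Toy storage: a real server would keep a
# salted, slow hash rather than a bare SHA-256 digest.
PASSWORD = b"correct horse"
STORED_HASH = hashlib.sha256(PASSWORD).digest()


def server_check_client_hash(received: bytes) -> bool:
    """Scheme from the question: client hashes, server compares to stored hash."""
    return hmac.compare_digest(received, STORED_HASH)


class ChallengeServer:
    """Issues a fresh nonce per login; a response is only valid for that nonce."""

    def __init__(self) -> None:
        self._nonce = None

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def verify(self, response: bytes) -> bool:
        if self._nonce is None:
            return False
        expected = hmac.new(STORED_HASH, self._nonce, hashlib.sha256).digest()
        self._nonce = None  # single use: the same nonce is never accepted twice
        return hmac.compare_digest(response, expected)


def client_response(password: bytes, nonce: bytes) -> bytes:
    """Client proves knowledge of the password without sending a reusable value."""
    key = hashlib.sha256(password).digest()
    return hmac.new(key, nonce, hashlib.sha256).digest()


def demo() -> dict:
    results = {}
    captured = hashlib.sha256(PASSWORD).digest()  # bytes seen on the wire
    results["static_hash_replay"] = server_check_client_hash(captured)
    server = ChallengeServer()
    sniffed = client_response(PASSWORD, server.challenge())
    results["legit_login"] = server.verify(sniffed)
    server.challenge()  # a later session gets a different nonce
    results["challenge_replay"] = server.verify(sniffed)
    return results
```

The stored value in the challenge scheme is still a shared secret on the server, and the exchange gives no confidentiality for the rest of the session, which is why the reply's suggestion of SSL still applies.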