[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Unix auth via LDAP & now need to add Samba!

Subject: Re: Unix auth via LDAP & now need to add Samba!
From: "Mark H. Wood" <mwood@IUPUI.Edu>
Date: Wed, 1 May 2002 15:28:54 -0500 (EST)
Cc: OpenLDAP Mailling List <openldap-software@OpenLDAP.org>
In-reply-to: <Pine.LNX.4.44.0205011227450.9540-100000@herbie.shadlen.org>

On Wed, 1 May 2002, David Wright wrote:
> Your step-by-step illustrates the flaw perfectly! The server stores HP.
> But HP can be used for authentiation (by hashing with the challenge to
> produce HC)! It's true that the cleartext of the password P is safe, so if

HPC nor HPS ever appears on the wire, so where did the attacker get it?
He can't calculate it unless he knows the password.

-- 
Mark H. Wood, Lead System Programmer   mwood@IUPUI.Edu
MS Windows *is* user-friendly, but only for certain values of "user".

Follow-Ups:
- [OT] Re: Unix auth via LDAP & now need to add Samba!
  - From: "David L. Parsley" <parsley@roanoke.edu>
- Re: Unix auth via LDAP & now need to add Samba!
  - From: David Wright <ichbin@shadlen.org>

References:
- Re: Unix auth via LDAP & now need to add Samba!
  - From: David Wright <ichbin@shadlen.org>

Prev by Date: Re: Unix auth via LDAP & now need to add Samba!
Next by Date: [OT] Re: Unix auth via LDAP & now need to add Samba!
Index(es):
- Chronological
- Thread