[Date Prev][Date Next] [Chronological] [Thread] [Top]

Security [auf Viren überprüft]

To: openldap-software@OpenLDAP.org
Subject: Security [auf Viren überprüft]
From: Hans Moser <hans.moser@ofd-sth.niedersachsen.de>
Date: Tue, 01 Feb 2005 15:15:27 +0100
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-AT; rv:1.4) Gecko/20030624

Hi!

To prevent sniffing clear text passwords there are a few methods available with OpenLDAP. Which of them are useful, when OpenLDAP will be used especially with Postfix und Cyrus IMAPd? I don't want to store authentification data elsewhere than in LDAP (i.e. no sasldb2).

The "easiest" way may be server-side encrytion with TLS. STARTTLS works before the bind operation, so even simple bind clear text passwords are encrypted. Am I right? To use CRAM-MD5 or DIGEST-MD5-mech need plain text passwords in the userpasswd-attribut to create the challenge. Is that true?

I'm sure someone has done this before (with or without Kerberos). [We don't have any Kerberos-infrastructure yet.] I know, this is only "related" to OpenLDAP. It's hard for my to understand all this SASL and OpenSSL background topics. Any hinds?

Hans

Follow-Ups:
- Re: Security [auf Viren überprüft]
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: Re: installing overlays?
Next by Date: Re: JLDAP question regarding national characters (for example Umlauts in German)
Index(es):
- Chronological
- Thread