[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Debugging a user authentication

To: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
Subject: Re: Debugging a user authentication
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Tue, 18 Nov 2008 14:57:16 +0100
Cc: Adrian Marsh <Adrian.Marsh@ubiquisys.com>, openldap-technical@openldap.org
In-reply-to: <20081117202846.GA7078@tile.skills-1st.co.uk>
References: <094A73044298734FB7D58CAAA319E1D6013CE4F2@UBIQ-SERV1.ubiquisys.local> <20081117202846.GA7078@tile.skills-1st.co.uk>

Andrew Findlay writes:
> (1): The latest LDAP spec introduced pwprep to solve this problem,
> but hardly anything implements it yet. It will be many years before
> you can depend on common LDAP clients doing itproperly.

It's not just a client-side issue.  Most sites store a password hash in
their server rather than the cleartext password.  That means the client
needs to encode password with the same character encoding and
preparation as whatever hashed the server-side password.  (E.g. the
/etc/passwd program.)  Or the server needs to prepare cleartext
passwords it receives from the client the same way, but it's likely a
bad idea for the server to e.g. assume client passwords are latin-1 and
convert to UTF-8.

-- 
Hallvard

Follow-Ups:
- Re: Debugging a user authentication
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
- Re: Debugging a user authentication
  - From: Howard Chu <hyc@symas.com>

References:
- RE: Debugging a user authentication
  - From: "Adrian Marsh" <Adrian.Marsh@ubiquisys.com>
- Re: Debugging a user authentication
  - From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>

Prev by Date: RE: Issues in Performance Tesing of OpenLDAP using SLAMD
Next by Date: Re: Memory consumption issue
Index(es):
- Chronological
- Thread