[JDEV] digest and ldap and authentication

mark at mjwilcox.com
Sun Jul 30 13:51:01 CDT 2000


I know the next version of jabberd will be much better, but I'm stuck 
implementing for 1.0 (per the requirements posted for the RFP on 
sourceExchange).

Mark

On 30 Jul 00, at 13:03, Thomas Muldowney wrote:

> This is basically a 0k (zero knowledge) system of auth that is currently being
> implemented in the new jabberd that is in development.  I'll dig up the 
> proposal URL later and post it.  Essentially this will allow the server to use
> whatever method it needs.
> 
> --temas
> 
> On Sun, Jul 30, 2000 at 06:39:53PM +0200, Konrad Podloucky wrote:
> > 
> > On 30-Jul-2000 Jerrad Pierce enlightened me with:
> > > In reply to your message from the not too distant future: next
> > > Sunday AD
> > > Reply-to: belg4mit at mit.edu
> > > Return-receipt-to: belg4mit at mit.edu
> > > Organization: a) Discordia b) none c) what's that?
> > > Content-Typo: gibberish, charset=ascii-art
> > > Date: Sun, 30 Jul 2000 12:16:33 EDT
> > > From: Jerrad Pierce <belg4mit>
> > > 
> > > So why doesn't it just use OTP? (instead of whatever the
> > > current password
> > > scheme is)
> > > 
> > OK, I didn't read the complete RFC, but basically the
> > OTP-authentication looks like the SKEY-mechanism described in
> > Bruce Schneier's "Applied Cryptography".
> > 
> > Actually it looks like this would work. When creating an account
> > the client sends the server x[n] (which is the hash function
> > applied n times to the client's secret passphrase) and n. When
> > asking for authentication the server sends n - 1 to the client
> > and the client computes x[n-1] and sends it back to the server.
> > When H(x[n-1]) == x[n] then the client has been successfully
> > authenticated and the server stores x[n-1] and n.
> > After n-1 times, the client has to send a new x[n] to the
> > server. But the user won't have to change his passphrase because
> > of the seed mentioned in the RFC (The seed is a random string
> > sent to the client which is concatenated to the actual
> > passphrase).
> > 
> > Looks good!
> >         Konrad
> > 
> > 
> > 
> > ________________________________________________________________
> >   .~.   Konrad Podloucky    <konrad at pelimbert.tssc.univie.ac.at> 
> >   /V\                  Running GNU/Linux 2.2.17pre3 on an Alpha
> >  // \\  GnuPG/PGP-key available by request  
> > /(   )\ "It's all fun and games until someone gets hurt...
> >  ^^-^^   then it's just fun."
> > 
> > 
> 


Mark Wilcox
mark at mjwilcox.com
Got LDAP?
