[JDEV] authentication & updated design document
mark at mjwilcox.com
Sun Jul 30 17:00:39 CDT 2000
Hi,

sheath and I think we have figured out a solution to the problem (at
least for now).

For sites that wish to use Jabber digest authentication, they will
need to make sure that their users' passwords are stored in LDAP
as plaintext.

It is probably recommended that if you want to do this or if you plan
to use LDAP for authentication beyond Jabber, that you use a
separate LDAP server for this purpose (sort of like you would have
done if you had run Microsoft NetMeeting & the ILS server). You
can probably use LDAP replication to make it easier to keep user
data in synch (but not passwords).

The reason I recommend this is so that you don't have to figure out
how to store both plaintext and encrypted passwords in the same
server (most LDAP servers can support multiple passwords in the
userpassword attribute, but it's not wise).

Most sites will not have multiple servers. I figure most sites that
wish to use digest authentication likely won't mind either
storing the passwords in plaintext or setting up a Jabber-specific
LDAP server (after all it's still better than maintaining plaintext
passwords in a text file like we currently do).

It's also observed that the future is likely SSL because that's an
Internet recognized standard, Jabber already can support it (at least
on the server, still waiting for those clients ;), it provides for secure
authentication of both the server & the client. Plus it encrypts the
entire conversation(s), not just the password exchange.

I've put these changes in the updated design document at
http://xdbldap.tigris.org/

Mark
Mark Wilcox
mark at mjwilcox.com
Got LDAP?
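
Added example, not part of the original post or the xdbldap code: a sketch of why digest authentication forces plaintext storage. It assumes the Jabber digest is the hex SHA-1 of the stream id concatenated with the password (the jabber:iq:auth scheme as documented in XEP-0078); the function names, stream ids and password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}")  # RFC 2307-style prefix, e.g. {SHA}

def client_digest(stream_id: str, password: str) -> str:
    """What the client sends: lowercase hex SHA-1 of stream id + password."""
    return hashlib.sha1((stream_id + password).encode("utf-8")).hexdigest()

def ldap_sha_value(password: str) -> str:
    """A hashed userPassword value in the {SHA} scheme (unsalted SHA-1, base64)."""
    raw = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(raw).decode("ascii")

def server_verify(stream_id: str, received: str, stored: str) -> str:
    """Check a received digest against one stored userPassword value."""
    if SCHEME.match(stored):
        # One-way hash: the server cannot get the password back, so it cannot
        # recompute SHA1(stream_id + password) for this session.
        return "unverifiable"
    expected = client_digest(stream_id, stored)
    return "ok" if hmac.compare_digest(expected, received.lower()) else "bad-digest"

if __name__ == "__main__":
    password = "example-password"          # constructed sample value
    sid_a, sid_b = "3A1B9C0D", "77F2E410"  # constructed stream ids
    sent = client_digest(sid_a, password)
    # Plaintext in LDAP: the server can rebuild the digest and compare.
    print("plaintext store :", server_verify(sid_a, sent, password))
    # Hashed value in LDAP: nothing to rebuild the digest from.
    print("{SHA} store     :", server_verify(sid_a, sent, ldap_sha_value(password)))
    # The digest is bound to the stream id, so it does not verify on a new stream.
    print("other stream id :", server_verify(sid_b, sent, password))
```

The same check explains the trade-off in the post: the digest keeps the password off the wire and ties it to one stream, but only a server that holds the plaintext can verify it.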