[JDEV] Simple LDAP Authentication
mark at mjwilcox.com
Thu Apr 26 00:08:59 CDT 2001
On 26 Apr 01, at 3:04, Bernd Eckenfels wrote:
> On Tue, Apr 24, 2001 at 06:58:00PM -0500, mark at mjwilcox.com wrote:
> > There isn't a technical reason why plaintext and LDAP authentication
> > can't work. We did it for xdb_ldap for Jabber 1.0. The LDAP library
> > simply must make an ldap_bind() call with the user's DN and
> > password.
>
> I think even thinking about Plain
> text authentication as long as SSL is not default in jabber is plain
> wrong in most cases.
>
Oh, totally agree. However, considering that most password
systems (not just LDAP) store their passwords pre-digested (most
passwords are not encrypted because that would imply decryption)
This is the current standard of the IETF. No new protocols are
getting passed unless they demand secure authentication (well at
least no passwords over clear channels).
But this is why ZeroKnowledge (0K) was created. The idea that
jabber never sends any type of password from client to server. Yes
the password must periodically be set via a 3rd party, but it's a
heck of a lot simpler to set up HTTP over SSL than it is Jabber over
SSL with most current clients.
Mark
> Greetings
> Bernd
> --
> (OO) -- Bernd_Eckenfels at Wendelinusstrasse39.76646Bruchsal.de --
> ( .. ) ecki@{inka.de,linux.de,debian.org}
> http://home.pages.de/~eckes/
> o--o *plush* 2048/93600EFD eckes at irc +497257930613 BE5-RIPE
> (O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir
> cevinpl!
Mark Wilcox
mark at mjwilcox.com
Got LDAP?