[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Preannounce: Kroupware Project started
From:       Marc Mutz <Marc.Mutz () uni-bielefeld ! de>
Date:       2002-09-11 17:54:28
[Download RAW message or body]


On Wednesday 11 September 2002 14:25, Tim Jansen wrote:
> On Wednesday 11 September 2002 03:08, Martin Konold wrote:
> > We are going to authenticate against LDAP with regards to the IMAP
> > and the SMTP operations. In addition we use SSL/TLS for the
> > transport security.
>
> Doesnt that mean that the LDAP server must store all password in
> unencrypted form, and that all servers that use the passwords must
> have sufficient rights to read them? Otherwise you can implement
> neither plaintext password authentication nor challenge/respond
> passwords, only signature-based authentication.

No, there's a mode for LDAP entries where you can write, but not read. 
Instead, you can compare with a given string. The passwords themselves 
can be (and usually are) stored as e.g. MD5 hash values.

Marc

-- 
If free-software authors lose the right to disclaim all warranties and
find themselves getting sued over the performance of the programs
they've written, they'll stop contributing free software to the world.
 -- Bruce Perens: Open Sources: Voices from the Open Source Revolution

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]