
List:       openldap-devel
Subject:    Re: authPassword (RFC 3112) implemented?
From:       Kurt Zeilenga <kurt () openldap ! org>
Date:       2007-07-15 22:41:28
Message-ID: 69D55549-A8D4-4721-8701-CD8C0D6E9005 () OpenLDAP ! org


On Jul 15, 2007, at 2:49 PM, Michael Ströder wrote:

> Hallvard B Furuseth wrote:
>>
>> If it's no longer needed - what has changed?  I thought it was invented
>> because the existing scheme of '{hash method}' in userPassword broke the
>> LDAP standard.  Which it still does.
>
> Simply no-one cares.

For multiple reasons, yes.

> BTW: IIRC RFC 3112 also lacks a definition of charset encoding for
> textual strings. This was kinda solved for userPassword by an
> implementation hint in RFC 4519 requiring SASLprep/UTF-8 but not for the
> authPasswordSyntax.

In due time the other specifications will be appropriately updated.

The client is to use SASLprep/UTF-8 when using simple bind.  When a
client updates the password, whether by LDAP Password Modify or by
LDAP Modify (of userPassword (hashed or not) or authPassword), they
should also apply SASLprep/UTF-8.

>
> http://www.openldap.org/lists/ietf-ldapbis/200110/msg00008.html
>
> Ciao, Michael.
>
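
Added example (not part of the original message and not OpenLDAP code): a Python sketch of the SASLprep profile (RFC 4013) built on the standard stringprep tables, showing why a client has to prepare the password both when it sets it and when it binds. The helper names, the sample passwords and the salt are constructed for illustration, and {SSHA} is used only as one example of a hashed userPassword value.

```python
import base64
import hashlib
import stringprep
from unicodedata import ucd_3_2_0 as ucd  # stringprep tables are defined on Unicode 3.2

# RFC 4013 section 2.3: prohibited output tables from RFC 3454.
PROHIBITED = (
    stringprep.in_table_c12, stringprep.in_table_c21_c22, stringprep.in_table_c3,
    stringprep.in_table_c4, stringprep.in_table_c5, stringprep.in_table_c6,
    stringprep.in_table_c7, stringprep.in_table_c8, stringprep.in_table_c9,
)

def saslprep(text, stored=True):
    """Apply the SASLprep profile (RFC 4013); raise ValueError on prohibited input."""
    # 2.1 Mapping: non-ASCII spaces become U+0020, "mapped to nothing" chars are dropped.
    mapped = "".join(" " if stringprep.in_table_c12(c) else c
                     for c in text if not stringprep.in_table_b1(c))
    # 2.2 Normalization: NFKC.
    out = ucd.normalize("NFKC", mapped)
    for c in out:
        if any(check(c) for check in PROHIBITED):
            raise ValueError("prohibited code point U+%04X" % ord(c))
        # 2.5 Unassigned code points are rejected in stored strings.
        if stored and stringprep.in_table_a1(c):
            raise ValueError("unassigned code point U+%04X" % ord(c))
    # 2.4 Bidi: with any RandALCat char present, no LCat, and first/last are RandALCat.
    if any(stringprep.in_table_d1(c) for c in out):
        if any(stringprep.in_table_d2(c) for c in out) or not (
                stringprep.in_table_d1(out[0]) and stringprep.in_table_d1(out[-1])):
            raise ValueError("bidirectional check failed")
    return out

def prepared_bytes(password):
    """Octets a client would send in a simple bind or write to a password attribute."""
    return saslprep(password).encode("utf-8")

def ssha(password_bytes, salt):
    """{SSHA} value: base64(SHA1(password + salt) + salt). Illustration only."""
    digest = hashlib.sha1(password_bytes + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

if __name__ == "__main__":
    salt = b"constructed-salt"                  # constructed sample value
    typed_at_update = "caf\u00e9\u00a0pw"       # precomposed e-acute, no-break space
    typed_at_bind = "cafe\u0301 pw"             # decomposed e-acute, ASCII space
    # Raw UTF-8 octets differ, so the stored hash would not match at bind time.
    print(ssha(typed_at_update.encode("utf-8"), salt) == ssha(typed_at_bind.encode("utf-8"), salt))
    # After SASLprep both inputs yield the same octets and the same hash.
    print(ssha(prepared_bytes(typed_at_update), salt) == ssha(prepared_bytes(typed_at_bind), salt))
```
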

