Preannounce: Kroupware Project started
Marc Mutz
Marc.Mutz at uni-bielefeld.de
Wed Sep 11 18:54:28 BST 2002
On Wednesday 11 September 2002 14:25, Tim Jansen wrote:
> On Wednesday 11 September 2002 03:08, Martin Konold wrote:
> > We are going to authenticate against LDAP with regards to the IMAP
> > and the SMTP operations. In addition we use SSL/TLS for the
> > transport security.
>
> Doesnt that mean that the LDAP server must store all password in
> unencrypted form, and that all servers that use the passwords must
> have sufficient rights to read them? Otherwise you can implement
> neither plaintext password authentication nor challenge/respond
> passwords, only signature-based authentication.
No, there's a mode for LDAP entries where you can write, but not read.
Instead, you can compare with a given string. The passwords themselves
can be (and usually are) stored as e.g. MD5 hash values.
Marc
--
If free-software authors lose the right to disclaim all warranties and
find themselves getting sued over the performance of the programs
they've written, they'll stop contributing free software to the world.
-- Bruce Perens: Open Sources: Voices from the Open Source Revolution
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20020911/5776e504/attachment.sig>
More information about the kde-core-devel
mailing list