The IESG has approved the Internet-Draft 'LDAP Password Modify Extended
Operation' <draft-zeilenga-ldap-passwd-exop-05.txt> as a Proposed
Standard.  This has been reviewed in the IETF but is not the product of
an IETF Working Group.

The IESG contact persons are Patrik Faltstrom and Ned Freed.
 
 
Technical Summary
 
The integration of LDAP and external authentication services has
introduced non-DN authentication identities and allowed for
non-directory storage of passwords.   As such, mechanisms which
update the directory (e.g. Modify) cannot be used to change a user's
password.  This document describes an LDAP extended operation to
allow modification of user passwords which is not dependent upon the
form of the authentication identity nor the password storage
mechanism used.

The mechanism doesn't provide any privacy or security protection by
itself, but instead relies on other extensions in LDAP for securing
the actual transaction.

Working Group Summary

The document is not part of the official work of any working group in
the IETF, but it has been discussed on the mailing lists for the LDAP
Extensions (LDAPEXT wg). The changes from version 04 to version 05
reflect comments received during last call of the document.

Protocol Quality

The specification was reviewed by Patrik Faltstrom.

Note to RFC Editor:

Please replace the last sentence of section 6, Security Considerations

   From:

      Use of Start TLS [RFC 2830] is highly recommended.

   To:

      This extension MUST be used with confidentiality protection,
      such as Start TLS [RFC 2830]. The NULL cipher suite MUST NOT
      be used.
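
The following Python sketch is an added example, not part of this announcement or of the draft. It shows a client-side guard that builds the Password Modify ExtendedRequest only when the TLS session provides confidentiality. The OID and the context tags are taken from the published specification (RFC 3062); the function names and the sample cipher tuples are constructed for illustration.

```python
# Added example. Cipher tuples have the shape returned by ssl.SSLSocket.cipher().
PASSWD_MODIFY_OID = b"1.3.6.1.4.1.4203.1.11.1"  # from RFC 3062, not from this page

def ber_len(n):
    """BER definite-length octets (short form below 128, long form above)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value

def passwd_modify_request(msg_id, user=None, old=None, new=None):
    """LDAPMessage carrying an ExtendedRequest for Password Modify."""
    fields = b""
    # userIdentity [0], oldPasswd [1], newPasswd [2]; all three are optional
    for tag, val in ((0x80, user), (0x81, old), (0x82, new)):
        if val is not None:
            fields += tlv(tag, val.encode("utf-8"))
    value = tlv(0x30, fields)                   # PasswdModifyRequestValue
    ext = tlv(0x80, PASSWD_MODIFY_OID) + tlv(0x81, value)
    mid = msg_id.to_bytes(msg_id.bit_length() // 8 + 1, "big")
    return tlv(0x30, tlv(0x02, mid) + tlv(0x77, ext))  # 0x77 = [APPLICATION 23]

def confidentiality_ok(cipher):
    """True only for a TLS session with a non-NULL cipher suite."""
    if cipher is None:                          # no TLS layer negotiated
        return False
    name, _version, secret_bits = cipher
    return "NULL" not in name.upper() and bool(secret_bits)

def guarded_request(cipher, msg_id, **kw):
    """Refuse to encode the password-bearing request over an unprotected link."""
    if not confidentiality_ok(cipher):
        raise ConnectionError("Password Modify requires confidentiality protection")
    return passwd_modify_request(msg_id, **kw)

if __name__ == "__main__":
    good = ("TLS_AES_256_GCM_SHA384", "TLSv1.3", 256)   # constructed sample
    print(guarded_request(good, 1, new="pw").hex())
```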
