Hi All,

Env: ARS 6.3/Mid-Tier 7.0

Clarification required on the dynamics of Remedy passwords...both user and system set...

I believe the following statements to be TRUE since v6 onwards; if not, please can you advise what your understanding is:

1) From v6 onwards Remedy user passwords are now generated through a one-way MD-5 hash function when none of the encryption packages are used (including the standard package). In what form are passwords sent from, say, a browser using the Mid-Tier component?

2) All other Remedy component passwords such as Application Service Password, Database User Password, LDAP Distinguished User Password etc. are stored by the server (and Mid-Tier component) using 56-bit DES encryption which incorporates salting.

Finally, what hash or encrypted form do user passwords take when passed to, say, the supplied AREA plugin from the ARSystem server in either SSL or non-SSL communication? I presume they are not sent over the wire in clear-text in either approach, but some level of security is incorporated, in such a manner that the LDAP server can understand the value passed.

Any insights on this appreciated.

Thanks In Advance,
Kevin

Ref: http://www.remedy.com/customers/dht/archive/03-15-2004.htm

_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
ARSlist: "Where the Answers Are"

