On 3/11/07, Stefan Zoerner <[EMAIL PROTECTED]> wrote:
...
This is why I think option 2 is not recommended at all. By the way: the
following servers behave exactly the same:
* OpenLDAP 2.3
* Sun Java System Directory Server 5.2
* IBM Tivoli Directory Server 6.0
We also want the plaintext so we can keep the symmetric keys used by
Kerberos, Change Password, and LDAP+GSSAPI in synch. I discuss this
on the "Security Initiatives" page:
http://cwiki.apache.org/confluence/display/DIRxSBOX/Security+Initiatives
Enrique
