On 26 Apr 01, at 3:04, Bernd Eckenfels wrote:
> On Tue, Apr 24, 2001 at 06:58:00PM -0500, [EMAIL PROTECTED] wrote: >
> There isn't a technical reason why plaintext and LDAP > authentication
> can't work. We did it for xdb_ldap for Jabber 1.0. > The LDAP library
> simply must make an ldap_bind() call with the > user's DN and
> password.
>
>I think even thinking about Plain
> text authentication as long as SSL is not default in jabber is plain
> wrong in most cases.
>
Oh, totally agree. However, considering that most password
systems (not just LDAP) store their passwords pre-digested (most
passwords are not encypted because that would imply decription)
This is the current standard of the IETF. No new protocols are
getting passed unless they demand secure authentication (well at
least no passwords over clear channels).
But this is why ZeroKnowledge (0K) was created. The idea that
jabber never sends any type of password from client to server. Yes
the password must periodically be set via a 3rd party, but it's a
heck of a lot simpler to setup HTTP over SSL than it is Jabber over
SSL with most current clients.
Mark
> Greetings
> Bernd
> --
> (OO) -- [EMAIL PROTECTED] --
> ( .. ) ecki@{inka.de,linux.de,debian.org}
> http://home.pages.de/~eckes/
> o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
> (O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir
> cevinpl!
>
> _______________________________________________
> jdev mailing list
> [EMAIL PROTECTED]
> http://mailman.jabber.org/listinfo/jdev
>
>
Mark Wilcox
[EMAIL PROTECTED]
Got LDAP?
_______________________________________________
jdev mailing list
[EMAIL PROTECTED]
http://mailman.jabber.org/listinfo/jdev
