Thank you for your answer. The ldap security is out of my reach, so I can't change it, it is supported by other people who won't change it.
Anyway, thanks for helping. On Wed, 12 Sep 2018 13:38:10 -0700 Cinder Roxley <[email protected]> wrote: > Not possible. As I already stated, the viewer sends an md5 sum of the > password, not cleartext. Instead of attempting to make logins less secure, > you should setup ldap securely and use a secure authentication mechanism: > https://www.python-ldap.org/en/latest/reference/ldap-sasl.html > > > On September 12, 2018 at 1:25:52 PM, Sebastián Castillo Carrión ( > [email protected]) wrote: > > Imagine the following python example: > > l = ldap.open("127.0.0.1") > username = "cn=Manager, o=anydomain.com" > password = "secret" > l.simple_bind(username, password) > > If the server receives the password hashed, then it can't bind to the ldap > server, because the function bind need the password argumento to be not > hashed. > > > > On Wed, 12 Sep 2018 10:44:49 -0700 > Cinder Roxley <[email protected]> wrote: > > > No you cannot and that is a very insecure design. The password is hashed > > using MD5 and sent. You should configure your LDAP server to use SASL at > > very least. > > > > > > On September 12, 2018 at 11:35:24 AM, Sebastián Castillo Carrión ( > > [email protected]) wrote: > > > > Does anyone know if it is possible to make Singularity send the user > > password (in the login process) without any type of encryption to the > > opensim server? > > > > The reason is that I am implementing ldap authentication > > opensim_server<->ldap_server, and https connection > opensim_server<->client, > > and I need to send plain password to opensim so ldap authentication > > functions of the ldap library can be used (they use plain password as one > > of the arguments). > > > > Thank you. > > > > _______________________________________________ > > Opensim-dev mailing list > > [email protected] > > http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev > > _______________________________________________ > > Opensim-dev mailing list > > [email protected] > > http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev > _______________________________________________ > Opensim-dev mailing list > [email protected] > http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev _______________________________________________ Opensim-dev mailing list [email protected] http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev
