On Wed, 2004-08-18 at 11:12 +0100, Mark Powell wrote:
> On Tue, 17 Aug 2004, Elliot F. wrote:
>
> > LDAP could use cram-md5, you would just have to store the passwords in
> > plaintext in the directory.
>
> Our LDAP database for site-wide user authentication is an LDAP for NDS
> server on some Netware box. So I don't think that option is open for us :(
> Looks like digest-md5 may be helpful, but on first glance I would have to
> make some real time to code that. I *think* that this may be possible with
> stunnel or the like, but that is currently under investigation.
>
> > It's easy, if that is what you would want
> > to do. Sun/iPlanet DS 5 has some nice facilities for specifying the
> > password encryption scheme, so as to apply plaintext encryption on
> > subtrees. By default, it stores the clear text password in base64, btw.
> > All you would need after that is an ACI that allows a certain DN to read
> > the password. The question is whether you would want the directory to
> > store passwords in clear text.
> >
> > If your directory is already initialized, then yes, that would be a
> > problem.
>

Which option is not open for you? Using clear text passwords? Unless I'm
mistaken (which I would like to be), digest-md5 would require clear text
password storage as well. Perhaps it would work if the passwords were
stored as MD5 in the backend? Or is there a requirement to hash the clear
password? Any links to example digest-md5 conversations would be
appreciated. RFC2554 gives an example CRAM-MD5, but no Digest-MD5.
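
Added example, not part of the original message: the CRAM-MD5 (RFC 2195) and DIGEST-MD5 (RFC 2831, qop=auth, no authzid) response computations, showing what a server has to hold to verify each one. The sample exchange values are the ones in the worked examples of those two RFCs; the function and dictionary key names are illustrative.

```python
import hashlib
import hmac


def cram_md5_response(key: bytes, challenge: bytes) -> str:
    # RFC 2195: HMAC-MD5 over the server challenge, keyed with the password.
    return hmac.new(key, challenge, hashlib.md5).hexdigest()


def digest_md5_secret(user: bytes, realm: bytes, password: bytes) -> bytes:
    # RFC 2831: the only step in which the password itself is used.
    return hashlib.md5(user + b":" + realm + b":" + password).digest()


def digest_md5_response(secret, nonce, cnonce, nc, qop, digest_uri) -> str:
    hexmd5 = lambda data: hashlib.md5(data).hexdigest().encode()
    a1 = secret + b":" + nonce + b":" + cnonce   # no authzid in this exchange
    a2 = b"AUTHENTICATE:" + digest_uri           # qop=auth
    kd = b":".join([hexmd5(a1), nonce, nc, cnonce, qop, hexmd5(a2)])
    return hexmd5(kd).decode()


def compare_backends() -> dict:
    # CRAM-MD5 sample: password and challenge from the RFC 2195 example.
    pw = b"tanstaaftanstaaf"
    challenge = b"<1896.697170952@postoffice.reston.mci.net>"
    # DIGEST-MD5 sample: values from the RFC 2831 IMAP example.
    params = (b"OA6MG9tEQGm2hh", b"OA6MHXh6VqTrRk", b"00000001", b"auth",
              b"imap/elwood.innosoft.com")
    stored = digest_md5_secret(b"chris", b"elwood.innosoft.com", b"secret")
    # A backend holding only MD5(password) has no valid input for either
    # computation; substituting that hash yields a different response.
    return {
        "cram_cleartext": cram_md5_response(pw, challenge),
        "cram_md5_backend": cram_md5_response(hashlib.md5(pw).digest(), challenge),
        "digest_stored_secret": digest_md5_response(stored, *params),
        "digest_md5_backend": digest_md5_response(
            hashlib.md5(b"secret").digest(), *params),
    }


if __name__ == "__main__":
    for name, value in compare_backends().items():
        print(f"{name:22} {value}")
```

The DIGEST-MD5 server can verify with only the 16-byte MD5(username:realm:password) value, but that value is password-equivalent within the realm and needs the same protection as a cleartext password.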
