jani, I'm asking some of the Microsoft people interested in OpenSim to have a look at this. A known insecure solution will not be acceptable in my enterprise.
-- Peter On Sep 25, 2:26 pm, "Jani Pirkola" <[EMAIL PROTECTED]> wrote: > John, > > how long you can wait for us to figure out how/what to do? > Even if using SSL and plaintext password on top of that isn't the best > solution, it is a good option, right? How much work that would cause on our > end? I really would love to see the AD/AM implemented and if John is doing > it ... we should give support. > If we go that way now, can we change it later to be smarter? > > Best, > Jani > > 2008/9/25 Matti Kuonanoja <[EMAIL PROTECTED]> > > > > > > > Sending password as plain text might be possible if the connection is > > encrypted exp. with SSL. But as Mikko said it isn't best practice. > > > I don't have a solution to this right now. We must research this > > matter more to get authentication scheme where we support existing > > methods like openID, AD etc. > > > On 25 syys, 00:14, "Jani Pirkola" <[EMAIL PROTECTED]> wrote: > > > MattiK, > > > > can you figure out how to solve this one? We need to do it anyway so why > > not > > > do it as soon as possible to help John to help us. > > > > Best regards, > > > Jani > > > > 2008/9/25 Hurliman, John <[EMAIL PROTECTED]> > > > > > I started work on a simulator LDAP authentication module (it is > > > > surprisingly simple using the .NET/Mono libraries), but ran into an > > issue. > > > > The client currently sends MD5 hashes of passwords instead of the > > plaintext > > > > password, and you must feed the plaintext password to the .NET library > > to do > > > > a proper bind. Even if a different LDAP library was used (or a new one > > > > written) it would still require a client modification to get the > > passwords > > > > in a different format. Worse still, there are several different > > > > authentication mechanisms depending on how your AD/OpenLDAP/etc admin > > has > > > > configured the service. The client would need to do an exchange with > > the > > > > login server to agree on a supported hashing format, or send the > > password in > > > > plaintext. I'm not in any position to do client modifications so I put > > this > > > > project on hold. If I'm missing something obvious or you discover a > > > > workaround please let me know and I can resume working on this. > > > > > John > > > > > *From:* [email protected] [mailto:[EMAIL PROTECTED] > > *On > > > > Behalf Of *Jani Pirkola > > > > *Sent:* Thursday, September 18, 2008 3:22 AM > > > > *To:* [email protected] > > > > *Subject:* Re: AD/AM for enterprise authentication? > > > > > Peter, > > > > > thanks for bringing this up, it helps us to prioritize tasks when we > > know > > > > which ones are actually wanted. We already had this on our list so that > > we > > > > will hopefully enable AD for realXtend during this year. > > > > G2 Proto, do you think you and your group could contribute some help to > > > > this task? > > > > > Best regards, > > > > Jani > > > > > 2008/9/18 Peter_Quirk <[EMAIL PROTECTED]> > > > > > Active Directory / Application Mode looks very appropriate for > > > > leveraging enterprise SSO services from Active Directory while > > > > maintaining the application-specific information about a user's avatar > > > > identity. Pluggable authentication systems like this will greatly > > > > simplify realXtend's adoption for enterprise use. Information on AD/AM > > > > is available at > > >http://www.microsoft.com/windowsserver2003/techinfo/overview/adam.msp...siteerattu > > teksti - > > > > - Näytä siteerattu teksti -- Hide quoted text - > > - Show quoted text - --~--~---------~--~----~------------~-------~--~----~ http://groups.google.com/group/realxtend -~----------~----~----~----~------~----~------~--~---
