John, good to know that you are not going to drop it for good. We started to plan to work on AD/AM/OpenID at the next sprint - I think that means that we do a little bit researching around to see how to implement everything. I know many companies that are planning to user realXtend have asked for this so there is a clear need to make this happen - thanks for Peter for bringing this up. Your help is appreciated!
Best, Jani 2008/10/1 Hurliman, John <[EMAIL PROTECTED]> > No rush on my end. It was something I started working on, hit a > roadblock, and shelved for a later date. If you are also thinking about > systems like OpenID, the login protocol will need to be re-imagined > slightly. Maybe the best idea would be writing a spec for a login protocol > that accommodates systems like LDAP, OpenID, etc. > > > > To continue this thread though, any time you login to a website your > browser is sending your password "in plaintext" inside an SSL stream. It's > not a known insecure method, it's the way the web works. Just make sure to > check your certificates (which the client does not do now). > > > > John > > > > *From:* [email protected] [mailto:[EMAIL PROTECTED] *On > Behalf Of *Jani Pirkola > *Sent:* Thursday, September 25, 2008 11:27 AM > *To:* [email protected] > *Subject:* [REX] Re: AD/AM for enterprise authentication? > > > > John, > > how long you can wait for us to figure out how/what to do? > Even if using SSL and plaintext password on top of that isn't the best > solution, it is a good option, right? How much work that would cause on our > end? I really would love to see the AD/AM implemented and if John is doing > it ... we should give support. > If we go that way now, can we change it later to be smarter? > > Best, > Jani > > 2008/9/25 Matti Kuonanoja <[EMAIL PROTECTED]> > > > Sending password as plain text might be possible if the connection is > encrypted exp. with SSL. But as Mikko said it isn't best practice. > > I don't have a solution to this right now. We must research this > matter more to get authentication scheme where we support existing > methods like openID, AD etc. > > > > > On 25 syys, 00:14, "Jani Pirkola" <[EMAIL PROTECTED]> wrote: > > MattiK, > > > > can you figure out how to solve this one? We need to do it anyway so why > not > > do it as soon as possible to help John to help us. > > > > Best regards, > > Jani > > > > > 2008/9/25 Hurliman, John <[EMAIL PROTECTED]> > > > > > > > > > > I started work on a simulator LDAP authentication module (it is > > > surprisingly simple using the .NET/Mono libraries), but ran into an > issue. > > > The client currently sends MD5 hashes of passwords instead of the > plaintext > > > password, and you must feed the plaintext password to the .NET library > to do > > > a proper bind. Even if a different LDAP library was used (or a new one > > > written) it would still require a client modification to get the > passwords > > > in a different format. Worse still, there are several different > > > authentication mechanisms depending on how your AD/OpenLDAP/etc admin > has > > > configured the service. The client would need to do an exchange with > the > > > login server to agree on a supported hashing format, or send the > password in > > > plaintext. I'm not in any position to do client modifications so I put > this > > > project on hold. If I'm missing something obvious or you discover a > > > workaround please let me know and I can resume working on this. > > > > > John > > > > > *From:* [email protected] [mailto:[EMAIL PROTECTED] > *On > > > Behalf Of *Jani Pirkola > > > *Sent:* Thursday, September 18, 2008 3:22 AM > > > *To:* [email protected] > > > *Subject:* Re: AD/AM for enterprise authentication? > > > > > Peter, > > > > > thanks for bringing this up, it helps us to prioritize tasks when we > know > > > which ones are actually wanted. We already had this on our list so that > we > > > will hopefully enable AD for realXtend during this year. > > > G2 Proto, do you think you and your group could contribute some help to > > > this task? > > > > > Best regards, > > > Jani > > > > > > 2008/9/18 Peter_Quirk <[EMAIL PROTECTED]> > > > > > > Active Directory / Application Mode looks very appropriate for > > > leveraging enterprise SSO services from Active Directory while > > > maintaining the application-specific information about a user's avatar > > > identity. Pluggable authentication systems like this will greatly > > > simplify realXtend's adoption for enterprise use. Information on AD/AM > > > is available at > > > > > http://www.microsoft.com/windowsserver2003/techinfo/overview/adam.mspx.-Piilota > siteerattu teksti - > > > > - Näytä siteerattu teksti - > > > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ http://groups.google.com/group/realxtend -~----------~----~----~----~------~----~------~--~---
