
Re: FW: Digest auth the wrong solution?

From: Daniel Stone <dstone@trinity.unimelb.edu.au>
Date: Thu, 10 Oct 2002 19:34:23 +1000
To: Murthy Chintalapati <Murthy.Chintalapati@sun.com>
Cc: Jim Whitehead <ejw@cse.ucsc.edu>, WebDAV <w3c-dist-auth@w3.org>
Message-ID: <20021010093423.GG22562@trinity.unimelb.edu.au>

On Wed, Oct 09, 2002 at 06:05:47PM -0700, Brother Murthy Chintalapati preached da werd, yo:
> You are absolutely right in that the server-side needs to know the real
> password to be able to do the digest auth. However, this doesn't
> necessarily mean that the passwords are stored in clear text. For
> instance, LDAP servers (the Sun ONE Directory Server that I know for
> sure) support the notion of a reversible password plugin -- whereby the
> server uses a symmetric key algorithm (such as DES) to store the password in
> an encrypted form.

Hmm ... does OpenLDAP support this? That's what we're using, and we
would expect most implementations of MoulDAVia to be in
capital-F-Free/capital-O-Open environments, so I'm not too keen to
hobble it by restricting LDAP access to those with proprietary servers
... thanks for the heads-up!

> Jim Whitehead wrote:
> >Accidentally caught by the spam filter. I have added
> ><dstone@trinity.unimelb.edu.au> to the accept2 list.

Cheers. :)

-- 
Daniel Stone                                     <dstone@trinity.unimelb.edu.au>
Developer, Trinity College, University of Melbourne
Received on Thursday, 10 October 2002 05:39:59 GMT
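
Added example, not part of the original message or of any project named in the thread: a server-side check of an HTTP Digest `response` (RFC 2617, `qop=auth`), showing that the verifier has to start from the recovered password and that a salted one-way hash of it cannot stand in. The request fields are the worked example from RFC 2617 section 3.5; the function names and the salted-hash value are constructed for illustration.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def expected_response(secret, username, realm, method, uri, nonce, nc, cnonce, qop="auth"):
    """Recompute the Digest response the way RFC 2617 defines it for qop=auth."""
    ha1 = md5_hex(f"{username}:{realm}:{secret}")   # depends on the password itself
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def verify(secret, method, fields):
    """Return True if the client's response matches what `secret` produces."""
    expected = expected_response(
        secret, fields["username"], fields["realm"], method,
        fields["uri"], fields["nonce"], fields["nc"], fields["cnonce"],
    )
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(expected, fields["response"])


# Authorization header fields from the RFC 2617 section 3.5 example (method GET).
FIELDS = {
    "username": "Mufasa",
    "realm": "testrealm@host.com",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "uri": "/dir/index.html",
    "nc": "00000001",
    "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}

# What a reversible store hands back after decryption (password from the RFC example).
RECOVERED_PASSWORD = "Circle Of Life"

# What a one-way store holds instead: constructed salted SHA-1 of the same password.
ONE_WAY_HASH = hashlib.sha1(b"Circle Of Life" + b"constructed-salt").hexdigest()

if __name__ == "__main__":
    print("reversible store :", verify(RECOVERED_PASSWORD, "GET", FIELDS))
    print("one-way hash     :", verify(ONE_WAY_HASH, "GET", FIELDS))
```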
