- From: Daniel Stone <dstone@trinity.unimelb.edu.au>
- Date: Thu, 10 Oct 2002 19:34:23 +1000
- To: Murthy Chintalapati <Murthy.Chintalapati@sun.com>
- Cc: Jim Whitehead <ejw@cse.ucsc.edu>, WebDAV <w3c-dist-auth@w3.org>
On Wed, Oct 09, 2002 at 06:05:47PM -0700, Brother Murthy Chintalapati preached da werd, yo: > You are absolutely right in that the server-side need to know the real > password to be able to the digest auth. However, this doesn't > necessarily mean that the passwords are stored in clear text. For > instance, LDAP servers (the Sun ONE Directory Server that I know for > sure) support the notion of reversable password plugin -- where by > server uses symmetric key algorithm (such as DES) to store password in > an encrypted form. Hmm ... does OpenLDAP support this? That's what we're using, and we would expect most implementations of MoulDAVia to be in capital-F-Free/capital-O-Open environments, so I'm not too keen to hobble it by restricting LDAP access to those with proprietary servers ... thanks for the heads-up! > Jim Whitehead wrote: > >Accidentally caught by the spam filter. I have added > ><dstone@trinity.unimelb.edu.au> to the accept2 list. Cheers. :) -- Daniel Stone <dstone@trinity.unimelb.edu.au> Developer, Trinity College, University of Melbourne
Received on Thursday, 10 October 2002 05:39:59 UTC