[JDEV] Simple LDAP Authentication

mark at mjwilcox.com mark at mjwilcox.com
Thu Apr 26 00:08:59 CDT 2001

On 26 Apr 01, at 3:04, Bernd Eckenfels wrote:

> On Tue, Apr 24, 2001 at 06:58:00PM -0500, mark at mjwilcox.com wrote: >
> There isn't a technical reason why plaintext and LDAP > authentication
> can't work. We did it for xdb_ldap for Jabber 1.0. > The LDAP library
> simply must make an ldap_bind() call with the > user's DN and
> password. 
>I think even thinking about Plain
> text authentication as long as SSL is not default in jabber is plain
> wrong in most cases.
Oh, totally agree. However, considering that most password 
systems (not just LDAP) store their passwords pre-digested (most 
passwords are not encypted because that would imply decription)

This is the current standard of the IETF. No new protocols are 
getting passed unless they demand secure authentication (well at 
least no passwords over clear channels).

But this is why ZeroKnowledge (0K) was created. The idea that 
jabber never sends any type of password from client to server. Yes 
the password must periodically be set via a 3rd party, but it's a 
heck of a lot simpler to setup HTTP over SSL than it is Jabber over 
SSL with most current clients.

> Greetings
> Bernd
> -- 
>   (OO)      -- Bernd_Eckenfels at Wendelinusstrasse39.76646Bruchsal.de --
>  ( .. )  ecki@{inka.de,linux.de,debian.org}
>  http://home.pages.de/~eckes/
>   o--o     *plush*  2048/93600EFD  eckes at irc  +497257930613  BE5-RIPE
> (O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir
> cevinpl!
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev

Mark Wilcox
mark at mjwilcox.com

More information about the JDev mailing list