From: Chris R. <chr...@me...> - 2001-07-04 09:27:05
Graham Barr <gb...@po...> wrote:
> On Wed, Jul 04, 2001 at 09:58:37AM +0100, Chris Ridd wrote:
>> Graham Barr <gb...@po...> wrote:
>> > On Wed, Jul 04, 2001 at 09:12:01AM +0100, Chris Ridd wrote:
>> >> If the server is storing hashed passwords, you should be
>> >> binding/comparing with the plain text passwords. Consider using LDAPS
>> >> or LDAPv3 startTLS if you want to prevent people from sniffing those
>> >> passwords on your network.
>> >
>> > This reminds me. What needs to be done for Net::LDAP to support
>> > startTLS ?
>> >
>> > Graham.
>>
>> IIRC, IO::Socket::SSL needs to support send() and recv(), which I
>> imagined would mean it (and by extension Net::SSLeay) needed rewriting
>> to use openssl's non-blocking I/O.
>
> Is this because Net::LDAP currently uses send() and recv() ?

Yes. I thought it was doing that in case we wanted to support CLDAP (a
version of LDAP over UDP) at some point.

> If so I am planning to change that so that Net::LDAPS does not
> need its own _sendmesg.

That would be good.

> I am also going to split the actual connect out of new(), so Net::LDAPS
> will not need to duplicate that, but just provide a connect sub.

That sounds sensible.

> Is the Net::LDAPS in CVS up to date ?

Yes.

> Graham.
>

Cheers,

Chris