From: Chris R. <chr...@me...> - 2001-07-04 14:36:18
"Kurt D. Zeilenga" <Ku...@Op...> wrote:
> At 01:12 AM 7/4/2001, Chris Ridd wrote:
>> David Bussenschutt <d.b...@ma...> wrote:
>>> Of course, the easiest way to do a password compare without having to
>>> worry about the encoding, or UTF, or any other directory specific stuff
>>> is to try doing a bind as that user.
>>> If you can bind, then the password was OK.
>>> Isn't that easier than the other options given?
>>
>> Yes and no. When you send a bind to the server, internally it issues a
>> compare operation against the userPassword attribute etc, so bind and
>> compare should basically both work and fail identically when given the
>> same input.
>
> Bind need not use userPassword. It can use authPassword (RFC 3112)
> or other attributes or information stored outside the directory.
> Bind can use access control and policy information.

Good point.

>> Also of course, it might be possible to bind as the manager of the server
>> and then bind as user 'A', but not bind as user 'A' and then bind as user
>> 'B' due to access controls.
>
> I would call that server broken. A server should drop the

No, just configured with an unhelpful combination of access controls :-(

Cheers,

Chris