Re: [Fwd] Question on LDAP for passwords.

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

>> Aside from ssl/ssh, is there any cute trick built into
>> LDAP for checking passwords without sending them in the
>> clear? Playing with it, I seem to end up either sending
>> in the password with the user query or getting it back
>> as clear text in the LDAP reply.
>
> No, that is how LDAP simple authentication works.
>
> LDAP has other authentication mechanisms that can avoid this, namely SASL.
> Perl-ldap supports the CRAM-MD5 and EXTERNAL mechanisms.

Last desparate grasp at a straw: Has anyone ever grafted
LDAP underneath digest security? Point would be to store
the "password" entries in LDAP and convert the result into
digest challanges.

thanx.

--
Steven Lembark                     500 W. Madison, Suite 3100
Knightsbridge Solutins                      Chicago, IL 60661
"Performance That Empowers"           +1 800 762 1582  x-5350