Graham Barr <gb...@po...> wrote:
> ----- Forwarded message from Steven Lembark <sle...@kn...> -----
>
> Date: Sun, 02 Dec 2001 09:58:15 -0600
> To: gb...@po...
> From: Steven Lembark <sle...@kn...>
> Subject: Question on LDAP for passwords.
> X-Mailer: Mulberry/2.1.1 (Linux/x86)
>
>
> Aside from ssl/ssh, is there any cute trick built into
> LDAP for checking passwords without sending them in the
> clear? Playing with it, I seem to end up either sending
> in the password with the user query or getting it back
> as clear text in the LDAP reply.
>
> thanx.
No, that is how LDAP simple authentication works.
LDAP has other authentication mechanisms that can avoid this, namely SASL.
Perl-ldap supports the CRAM-MD5 and EXTERNAL mechanisms.
Cheers,
Chris
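
The challenge-response exchange behind the CRAM-MD5 mechanism named in the reply, sketched in Python as an added example (not part of the original thread and not perl-ldap's own code). The function names are hypothetical; the sample user, shared secret and challenge are the ones from the worked example in RFC 2195.

```python
import hashlib
import hmac
import os
import time

# Sample values from the RFC 2195 worked example (not from this thread).
RFC_USER = "tim"
RFC_SECRET = "tanstaaftanstaaf"
RFC_CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"


def make_challenge(hostname: str) -> bytes:
    """Server side: a fresh, never-repeated challenge in msg-id form."""
    nonce = int.from_bytes(os.urandom(8), "big")
    return f"<{nonce}.{int(time.time())}@{hostname}>".encode()


def client_response(user: str, password: str, challenge: bytes) -> bytes:
    """Client side: only the username and a keyed digest go on the wire."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{user} {digest}".encode()


def server_verify(secrets: dict, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the digest from the stored shared secret."""
    user, _, digest = response.decode("ascii", "replace").rpartition(" ")
    password = secrets.get(user)
    if password is None:
        return False
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(expected.encode(), digest.encode())


if __name__ == "__main__":
    secrets = {RFC_USER: RFC_SECRET}
    wire = client_response(RFC_USER, RFC_SECRET, RFC_CHALLENGE)
    print("on the wire:", wire.decode())
    print("accepted:", server_verify(secrets, RFC_CHALLENGE, wire))
    # The same bytes replayed against a new challenge are rejected.
    fresh = make_challenge("ldap.example.org")
    print("replay accepted:", server_verify(secrets, fresh, wire))
```

CRAM-MD5 keeps the password off the wire, but the server must hold the shared secret in recoverable form and a captured challenge/response pair can be guessed against offline, so it does not replace an encrypted channel.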