python-ldap-dev

password bind

[Fabio M. <fab...@du...>]

Hi!
I would know if there is a way to pass to bind() method an encrypted password. 
I read this password from a configuration file and would not write password 
in it in clear text.

Thanks in advance,
Fabio

-- 
Dott. Fabio Marcone

2T srl
Telefono   +39 - 0871- 540154    
Fax           +39 - 0871- 571594   
Indirizzo  Viale B. Croce 573, 66013 Chieti Scalo (CH)

Re: password bind

[<mi...@st...>]

Fabio Marcone wrote:
> I would know if there is a way to pass to bind() method an encrypted password. 

Which entity do you want to decrypt this password and with which key?

LDAPv3 requires a clear-text password to be passed with simple bind
request. If you want to protect the password from being sniffed you have
to protect your LDAP connection with SSL or TLS. Another option is to
use SASL bind with reasonable strong challenge-response mechanism (e.g.
DIGEST-MD5).

> I read this password from a configuration file and would not write password 
> in it in clear text.

This has nothing to do with python-ldap or LDAPv3. The only thing which
helps is to avoid having to store a password in your configuration.

It's impossible to give better advice without any background information
about what your LDAP client looks like.

Ciao, Michael.

Re: password bind

[<fra...@fr...>]

Fabio Marcone wrote:

>Hi!
>I would know if there is a way to pass to bind() method an encrypted password. 
>I read this password from a configuration file and would not write password 
>in it in clear text.
>  
>
Hi Fabio

If it was possible to bind with an encrypted password, and someone read 
your encrypted password, then it can authenticate. So it is useless to 
encrypt it, because it does not prevent someone to use it :-)

Anyway, it is not possible. The LDAP API needs the clear text password. 
This is not a problem, considering the explanation above.

François

>Thanks in advance,
>Fabio
>
>  
>