On Tue, 2004-08-17 at 15:04 +0100, Mark Powell wrote: > Hi, > Attached is my first attempt at authldap, which currently works for our > site. It takes a simple username/password combination. The search filter > is currently fixed at cn=<username>, but this could easily be made > configurable. Once it has found the dn for that particular user, it > authenticates. Enjoy. > It seems that cram-md5 requires that the client has a plaintext copy of > the real password. Am I correct? If so then authldap could never provide > cram-md5 support? > Cheers. >
LDAP could use cram-md5, you would just have to store the passwords in plaintext in the directory. It's easy, if that is what you would want to do. Sun/iPlanet DS 5 has some nice facilities for specifying the password encryption scheme, so as to apply plaintext encryption on subtrees. By default, it stores the clear text password in base64, btw. All you would need after that is an ACI that allows a certain DN to read the password. The question is whether you would want the directory to store passwords in clear text. If your directory is already initialized, then yes, that would be a problem. Elliot F.
