No rush on my end. It was something I started working on, hit a roadblock, and 
shelved for a later date. If you are also thinking about systems like OpenID, 
the login protocol will need to be re-imagined slightly. Maybe the best idea 
would be writing a spec for a login protocol that accommodates systems like 
LDAP, OpenID, etc.

To continue this thread though, any time you log in to a website your browser is 
sending your password "in plaintext" inside an SSL stream. It's not a known 
insecure method, it's the way the web works. Just make sure to check your 
certificates (which the client does not do now).

John

From: realxtend@googlegroups.com On Behalf Of Jani Pirkola
Sent: Thursday, September 25, 2008 11:27 AM
To: realxtend@googlegroups.com
Subject: [REX] Re: AD/AM for enterprise authentication?

John,

how long can you wait for us to figure out how/what to do?
Even if using SSL and plaintext password on top of that isn't the best 
solution, it is a good option, right? How much work would that cause on our 
end? I really would love to see the AD/AM implemented and if John is doing it 
... we should give support.
If we go that way now, can we change it later to be smarter?

Best,
Jani
2008/9/25 Matti Kuonanoja <[EMAIL PROTECTED]>

Sending the password as plain text might be possible if the connection is
encrypted, e.g. with SSL. But as Mikko said, it isn't best practice.

I don't have a solution to this right now. We must research this
matter more to get an authentication scheme where we support existing
methods like OpenID, AD etc.



On 25 Sep, 00:14, "Jani Pirkola" <[EMAIL PROTECTED]> wrote:
> MattiK,
>
> can you figure out how to solve this one? We need to do it anyway so why not
> do it as soon as possible to help John to help us.
>
> Best regards,
> Jani
>
> 2008/9/25 Hurliman, John <[EMAIL PROTECTED]>
>
>
>
> > I started work on a simulator LDAP authentication module (it is
> > surprisingly simple using the .NET/Mono libraries), but ran into an issue.
> > The client currently sends MD5 hashes of passwords instead of the plaintext
> > password, and you must feed the plaintext password to the .NET library to do
> > a proper bind. Even if a different LDAP library was used (or a new one
> > written) it would still require a client modification to get the passwords
> > in a different format. Worse still, there are several different
> > authentication mechanisms depending on how your AD/OpenLDAP/etc admin has
> > configured the service. The client would need to do an exchange with the
> > login server to agree on a supported hashing format, or send the password in
> > plaintext. I'm not in any position to do client modifications so I put this
> > project on hold. If I'm missing something obvious or you discover a
> > workaround please let me know and I can resume working on this.
>
> > John
>
> > *From:* realxtend@googlegroups.com *On Behalf Of* Jani Pirkola
> > *Sent:* Thursday, September 18, 2008 3:22 AM
> > *To:* realxtend@googlegroups.com
> > *Subject:* Re: AD/AM for enterprise authentication?
>
> > Peter,
>
> > thanks for bringing this up, it helps us to prioritize tasks when we know
> > which ones are actually wanted. We already had this on our list so that we
> > will hopefully enable AD for realXtend during this year.
> > G2 Proto, do you think you and your group could contribute some help to
> > this task?
>
> > Best regards,
> > Jani
>
> > 2008/9/18 Peter_Quirk <[EMAIL PROTECTED]>
>
> > Active Directory / Application Mode looks very appropriate for
> > leveraging enterprise SSO services from Active Directory while
> > maintaining the application-specific information about a user's avatar
> > identity. Pluggable authentication systems like this will greatly
> > simplify realXtend's adoption for enterprise use. Information on AD/AM
> > is available at
> > http://www.microsoft.com/windowsserver2003/techinfo/overview/adam.mspx.




--~--~---------~--~----~------------~-------~--~----~
http://groups.google.com/group/realxtend
-~----------~----~----~----~------~----~------~--~---
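
The mismatch described in the thread, as an added example that is not part of the original messages: a small model of how a directory checks the secret presented in a simple bind against OpenLDAP-style `userPassword` values, showing why the MD5 hash the client sends cannot stand in for the plaintext. The hex form of the client hash, the function names and the sample password are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

# scheme -> (digest algorithm, salted?) for OpenLDAP-style userPassword values
SCHEMES = {"SSHA": ("sha1", True), "SHA": ("sha1", False),
           "SMD5": ("md5", True), "MD5": ("md5", False)}

def store_password(plaintext: bytes, scheme: str = "SSHA") -> str:
    """Build the value a directory would keep for this password."""
    algo, salted = SCHEMES[scheme]
    salt = os.urandom(8) if salted else b""
    digest = hashlib.new(algo, plaintext + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def simple_bind_ok(stored: str, presented: bytes) -> bool:
    """Verify the secret presented in a simple bind against the stored value."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("unsupported userPassword format")
    scheme, b64 = stored[1:].split("}", 1)
    algo, _ = SCHEMES[scheme.upper()]
    raw = base64.b64decode(b64)
    size = hashlib.new(algo).digest_size
    digest, salt = raw[:size], raw[size:]
    # The directory hashes whatever it receives, so it needs the plaintext.
    candidate = hashlib.new(algo, presented + salt).digest()
    return hmac.compare_digest(candidate, digest)

def client_login_token(plaintext: bytes) -> bytes:
    """What the client sends per the thread: an MD5 hash (hex form assumed)."""
    return hashlib.md5(plaintext).hexdigest().encode()

def demo() -> dict:
    password = b"correct horse battery"  # constructed sample value
    token = client_login_token(password)
    results = {}
    for scheme in SCHEMES:
        stored = store_password(password, scheme)
        # (bind with plaintext, bind with the client's MD5 token)
        results[scheme] = (simple_bind_ok(stored, password),
                           simple_bind_ok(stored, token))
    return results

if __name__ == "__main__":
    for scheme, (plain_ok, token_ok) in demo().items():
        print(f"{scheme:5} plaintext={plain_ok} md5_token={token_ok}")
```

Even when the directory itself stores an unsalted `{MD5}` value, the bind fails with the client's token, because the directory hashes the presented secret again before comparing.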
