[no subject]
I'm not talking about storage, I'm talking about authentication. LDAP
provides an authentication mechanism. For example, in Java:
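import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.directory.InitialDirContext;

Hashtable env = new Hashtable();
// Without an initial context factory the constructor never contacts the
// server, so no bind happens and no exception is thrown.
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_PRINCIPAL, "bob");
env.put(Context.SECURITY_CREDENTIALS, "password");
env.put(Context.PROVIDER_URL, "ldap://ldap.blah.com/O=foo");
try {
    // The constructor performs the LDAP bind with the credentials above.
    new InitialDirContext(env);
}
catch (AuthenticationException e) {
    // The server rejected the username/password.
    //...
}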
That's from memory, so it may not be entirely correct. But, if the
hashtable argument passed to the InitialDirContext constructor contains
the Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS keys,
then the LDAP server will authenticate the given user. If no
AuthenticationException is thrown, then the supplied username and
password are valid.
I don't know what the C API is, but I imagine it's similar. So, for
your getldappwnam(), in step 2:
>2. If not and LDAP is configured then exec getldappwnam() and
> check for 'bob' in central server.
You don't need to retrieve bob's password hash and compare it, you just
send bob's username and password to the LDAP server and let the server
do the authentication. If you can do SSL, then you can use an SSL LDAP
URL and you don't have to worry about sending the username and password
in plain text to the LDAP server.
--
Jason Day jasonday at
<a rel="nofollow" href="http://jasonday.home.att.net">http://jasonday.home.att.net</a> worldnet dot att dot net
"Of course I'm paranoid, everyone is trying to kill me."
-- Weyoun-6, Star Trek: Deep Space 9
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00316" href="msg00316.html">[ale] How LDAP works with authentication</a></strong>
<ul><li><em>From:</em> cfowler at outpostsentinel.com (Christopher Fowler)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
</body>
</html>