[Opensim-dev] Singularity viewer

Sebastián Castillo Carrión scastillop at gmail.com
Tue Oct 2 07:35:44 UTC 2018 

Thank you for your answer.

The ldap security is out of my reach, so I can't change it, it is supported by other people who won't change it.

Anyway, thanks for helping.


On Wed, 12 Sep 2018 13:38:10 -0700
Cinder Roxley <cinder at alchemyviewer.org> wrote:

> Not possible. As I already stated, the viewer sends an md5 sum of the
> password, not cleartext. Instead of attempting to make logins less secure,
> you should setup ldap securely and use a secure authentication mechanism:
> https://www.python-ldap.org/en/latest/reference/ldap-sasl.html
> 
> 
> On September 12, 2018 at 1:25:52 PM, Sebastián Castillo Carrión (
> scastillop at gmail.com) wrote:
> 
> Imagine the following python example:
> 
> l = ldap.open("127.0.0.1")
> username = "cn=Manager, o=anydomain.com"
> password = "secret"
> l.simple_bind(username, password)
> 
> If the server receives the password hashed, then it can't bind to the ldap
> server, because the function bind need the password argumento to be not
> hashed.
> 
> 
> 
> On Wed, 12 Sep 2018 10:44:49 -0700
> Cinder Roxley <cinder at alchemyviewer.org> wrote:
> 
> > No you cannot and that is a very insecure design. The password is hashed
> > using MD5 and sent. You should configure your LDAP server to use SASL at
> > very least.
> >
> >
> > On September 12, 2018 at 11:35:24 AM, Sebastián Castillo Carrión (
> > scastillop at gmail.com) wrote:
> >
> > Does anyone know if it is possible to make Singularity send the user
> > password (in the login process) without any type of encryption to the
> > opensim server?
> >
> > The reason is that I am implementing ldap authentication
> > opensim_server<->ldap_server, and https connection
> opensim_server<->client,
> > and I need to send plain password to opensim so ldap authentication
> > functions of the ldap library can be used (they use plain password as one
> > of the arguments).
> >
> > Thank you.
> >
> > _______________________________________________
> > Opensim-dev mailing list
> > Opensim-dev at opensimulator.org
> > http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev
> > _______________________________________________
> > Opensim-dev mailing list
> > Opensim-dev at opensimulator.org
> > http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at opensimulator.org
> http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev

More information about the Opensim-dev mailing list