[Opensim-dev] Singularity viewer
Sebastián Castillo Carrión
scastillop at gmail.com
Wed Sep 12 18:25:44 UTC 2018
Imagine the following python example:
l = ldap.open("127.0.0.1")
username = "cn=Manager, o=anydomain.com"
password = "secret"
l.simple_bind(username, password)
If the server receives the password hashed, then it can't bind to the ldap server, because the function bind need the password argumento to be not hashed.
On Wed, 12 Sep 2018 10:44:49 -0700
Cinder Roxley <cinder at alchemyviewer.org> wrote:
> No you cannot and that is a very insecure design. The password is hashed
> using MD5 and sent. You should configure your LDAP server to use SASL at
> very least.
>
>
> On September 12, 2018 at 11:35:24 AM, Sebastián Castillo Carrión (
> scastillop at gmail.com) wrote:
>
> Does anyone know if it is possible to make Singularity send the user
> password (in the login process) without any type of encryption to the
> opensim server?
>
> The reason is that I am implementing ldap authentication
> opensim_server<->ldap_server, and https connection opensim_server<->client,
> and I need to send plain password to opensim so ldap authentication
> functions of the ldap library can be used (they use plain password as one
> of the arguments).
>
> Thank you.
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at opensimulator.org
> http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at opensimulator.org
> http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev
More information about the Opensim-dev
mailing list