[Opensim-dev] Singularity viewer

[Cinder Roxley]

Not possible. As I already stated, the viewer sends an md5 sum of the
password, not cleartext. Instead of attempting to make logins less secure,
you should setup ldap securely and use a secure authentication mechanism:
https://www.python-ldap.org/en/latest/reference/ldap-sasl.html


On September 12, 2018 at 1:25:52 PM, Sebastián Castillo Carrión (
scastillop at gmail.com) wrote:

Imagine the following python example:

l = ldap.open("127.0.0.1")
username = "cn=Manager, o=anydomain.com"
password = "secret"
l.simple_bind(username, password)

If the server receives the password hashed, then it can't bind to the ldap
server, because the function bind need the password argumento to be not
hashed.



On Wed, 12 Sep 2018 10:44:49 -0700
Cinder Roxley <cinder at alchemyviewer.org> wrote:

> No you cannot and that is a very insecure design. The password is hashed
> using MD5 and sent. You should configure your LDAP server to use SASL at
> very least.
>
>
> On September 12, 2018 at 11:35:24 AM, Sebastián Castillo Carrión (
> scastillop at gmail.com) wrote:
>
> Does anyone know if it is possible to make Singularity send the user
> password (in the login process) without any type of encryption to the
> opensim server?
>
> The reason is that I am implementing ldap authentication
> opensim_server<->ldap_server, and https connection
opensim_server<->client,
> and I need to send plain password to opensim so ldap authentication
> functions of the ldap library can be used (they use plain password as one
> of the arguments).
>
> Thank you.
>
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at opensimulator.org
> http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at opensimulator.org
> http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev