You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by wservarch <ws...@gmail.com> on 2010/09/15 15:05:16 UTC

PasswordDigest WS Authentication over OpenLDAP

This might be something basic, but 'am finding difficult to understand.

Client sending credentials with password digest computed as SHA1{password,
nonce, creation time}
The request has to be authenticated over OpenLDAP where the password is
stored by default using SHA1.
Unless authentication is successful, webservice doesn't process the request.

Now in this scenario how exactly is the authentication (password match)
performed? Can somebody clarify my query?
-- 
View this message in context: http://cxf.547215.n5.nabble.com/PasswordDigest-WS-Authentication-over-OpenLDAP-tp2840588p2840588.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: PasswordDigest WS Authentication over OpenLDAP

Posted by wservarch <ws...@gmail.com>.

I was searching for a solution and here is what I could understand

that the client should either pass plain-text password through SSL, which in
turn gets authenticated over LDAP. 'cause always plain-text password should
be passed to LDAP.

is there any way that i can still send digested password and I would still
be able to authenticate against LDAP. Appreciate any responses.
-- 
View this message in context: http://cxf.547215.n5.nabble.com/PasswordDigest-WS-Authentication-over-OpenLDAP-tp2840588p2842207.html
Sent from the cxf-user mailing list archive at Nabble.com.