You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by el...@apache.org on 2013/04/03 16:22:42 UTC
svn commit: r1464038 - in /directory/site/trunk/content/apacheds/advanced-ug:
4-authentication-and-authorization.mdtext
4.1.1.2-name-password-authn.mdtext 4.1.1.3-unauthenticated-authn.mdtext
Author: elecharny
Date: Wed Apr 3 14:22:42 2013
New Revision: 1464038
URL: http://svn.apache.org/r1464038
Log:
Added a page, plus some typoes fixing
Added:
directory/site/trunk/content/apacheds/advanced-ug/4.1.1.3-unauthenticated-authn.mdtext
- copied, changed from r1463962, directory/site/trunk/content/apacheds/advanced-ug/4.1.1.2-unauthenticated-authn.mdtext
Modified:
directory/site/trunk/content/apacheds/advanced-ug/4-authentication-and-authorization.mdtext
directory/site/trunk/content/apacheds/advanced-ug/4.1.1.2-name-password-authn.mdtext
Modified: directory/site/trunk/content/apacheds/advanced-ug/4-authentication-and-authorization.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4-authentication-and-authorization.mdtext?rev=1464038&r1=1464037&r2=1464038&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4-authentication-and-authorization.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4-authentication-and-authorization.mdtext Wed Apr 3 14:22:42 2013
@@ -27,10 +27,10 @@ Notice: Licensed to the Apache Software
## Chapter content
* [4.1 - Authentication](4.1-authentication.html)
- * [4.1.1 - Simple authentication](4.1.1-simple-authn.html)
- * [4.1.1.1 - Anonymous Authentication](4.1.1.1-anonymous-authn.html)
- * [4.1.1.2 - Name/Password Authentication](4.1.1.2-name-password-authn.html)
- * [4.1.1.2 - Unauthenticated Authentication](4.1.1.2-unauthenticated-authn.html)
+ * [4.1.1 - Simple authentication](4.1.1-simple-authn.html)
+ * [4.1.1.1 - Anonymous Authentication](4.1.1.1-anonymous-authn.html)
+ * [4.1.1.2 - Name/Password Authentication](4.1.1.2-name-password-authn.html)
+ * [4.1.1.2 - Unauthenticated Authentication](4.1.1.2-unauthenticated-authn.html)
* [4.1.2 - SASL authentication](4.1.3-sasl-authn.html)
* [4.1.2.1 - SASL anonymous Authentication](4.1.2.1-sasl-anonymous-authn.html)
* [4.1.2.2 - SASL plain text Authentication](4.1.2.2-sasl-plain-text-authn.html)
Modified: directory/site/trunk/content/apacheds/advanced-ug/4.1.1.2-name-password-authn.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.1.1.2-name-password-authn.mdtext?rev=1464038&r1=1464037&r2=1464038&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.1.1.2-name-password-authn.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.1.1.2-name-password-authn.mdtext Wed Apr 3 14:22:42 2013
@@ -141,7 +141,7 @@ Here, one of the **userPassword** value
return false
<DIV class="note" markdown="1">
- A few rule of thumb :<BR/>
+ A few rules of thumb :<BR/>
o Never store a password as plain text. <BR/>
o Prefer salted methods over non salted ones, and prefer the strongest one (here, SSHA-512 on Studio 2.0, or SSHA)<BR/>
o crypt is also a good choice<BR/>
Copied: directory/site/trunk/content/apacheds/advanced-ug/4.1.1.3-unauthenticated-authn.mdtext (from r1463962, directory/site/trunk/content/apacheds/advanced-ug/4.1.1.2-unauthenticated-authn.mdtext)
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.1.1.3-unauthenticated-authn.mdtext?p2=directory/site/trunk/content/apacheds/advanced-ug/4.1.1.3-unauthenticated-authn.mdtext&p1=directory/site/trunk/content/apacheds/advanced-ug/4.1.1.2-unauthenticated-authn.mdtext&r1=1463962&r2=1464038&rev=1464038&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.1.1.2-unauthenticated-authn.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.1.1.3-unauthenticated-authn.mdtext Wed Apr 3 14:22:42 2013
@@ -0,0 +1,33 @@
+Title: 4.1.1.3 Unauthenticated Authentication
+NavPrev: 4.1.1.2-name-password-authn.html
+NavPrevText: 4.1.1.2 - Name/Password Authentication
+NavUp: 4.1.1-simple-authn.html
+NavUpText: 4.1.1 - Simple authentication
+NavNext: 4.1.3-sasl-authn.html
+NavNextText: 4.1.2 - SASL authentication
+Notice: Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+# 4.1.1.3 - Unauthenticated Authentication
+
+The **Unauthenticated Authentication** mechanism is a bit specific. First of all, none all the **LDAP** servers support such a mechanism. In fact, the default behavior is for server to return a **unwillingToPerform** result code when someone tries to bind using a null password.
+
+We won't go any deeper into this 'feature', those interested in the rational behind it and the associated drawbacks can read the following links :
+
+ [RFC 4513, Unauthenticated Authentication Mechanism of Simple Bind](http://tools.ietf.org/html/rfc4513#section-5.1.2)
+and
+ [RFC 4513, Unauthenticated Mechanism Security Considerations](http://tools.ietf.org/html/rfc4513#section-6.3.1)
\ No newline at end of file