Password sharing with DU4.0D, NS Dir 4.1, Novell Net. 4.11 PART II

From: Richard Jackson <rjackson_at_portal.gmu.edu>
Date: Wed, 22 Mar 2000 14:05:28 -0500 (EST)

Hello,

I have received no suggestions to my question posted Monday, 3/20/00. There
is additional information that may facilitate some ideas.

I failed to mention we are using Netscape Messaging Server 4.1 (POP/IMAP/SMTP)
and passwords are authenticated via the LDAP server. These run on a
Sun Solaris 2.6 system.

Netscape Directory Server 4.1 (LDAP) stores passwords using one of
three methods: plain text, the C crypt() function, or the Secure Hash
Algorithm (SHA). Netscape recommends storing passwords via SHA.

Our thought is to run a replication LDAP server on the Digital UNIX 4.0D
to synchronize with the master LDAP server on the Sun system
to solve the problem of password synchronization. I can write a password
Trojan horse to both save the password in the C2 Enhanced Security
database and in the replication LDAP server on the Digital UNIX 4.0D
system. That is, use bigcrypt() to encrypt on the DU system and use
the Perl SHA libraries to hash the password and store it in the
replication LDAP server, for example. So the problem of changing the
password via the Digital UNIX system is 'solved.'

The problem that remains is what to do if someone changes the password
via the Netscape Messaging Server. We don't have source code
for Netscape Messaging Server so it is more of a challenge to
intercept the plain text password. Of course, we could store the
passwords via LDAP in plain text but this is not secure. We could
use crypt() but then we would be limited to 8 character passwords.

Any suggestions?

ORIGINAL QUESTIONS:
-------------------------------------------------------------------
We are exploring options to have Digital UNIX 4.0D with C2 Enhanced Security
share passwords with Netscape Directory Server 4.1 (LDAP server). We prefer
real time updates of passwords but batch methods have some merit.

Is anyone doing this?

What are possible ways of accomplishing this?

Have there been reliability problems with the Netscape Directory Server?

All ideas and options are welcome.

As a secondary concern, we would like to explore the possibility of
including Novell Netware 4.11 password sharing in the above environment.
We must make our recommendations by this Thursday, 3/23/00.
-------------------------------------------------------------------

-- 
Regards,
Richard Jackson
Computer Center Lead Engineer,
Central Systems & Dept. UNIX Consulting
University Computing & Information Systems (UCIS)
George Mason University, Fairfax, Virginia
Received on Wed Mar 22 2000 - 19:06:30 NZST
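
The three storage methods named in the message, shown as an added example that is not part of the original post: it builds and verifies an unsalted {SHA} userPassword value and audits stored values by scheme. It assumes RFC 2307-style `{SHA}` / `{crypt}` prefixes with unprefixed values treated as plain text; the function names and sample entries are constructed for illustration.

```python
import base64
import hashlib
import hmac

def sha_userpassword(password):
    """{SHA} value: base64 of the raw 20-byte SHA-1 digest (no salt)."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")

def split_scheme(stored):
    """Return (scheme, body); a value with no {scheme} prefix is plain text."""
    if stored.startswith("{") and "}" in stored:
        end = stored.index("}")
        return stored[1:end].lower(), stored[end + 1:]
    return "clear", stored

def verify(stored, candidate):
    """Check a candidate password against a stored value, in constant time."""
    scheme, body = split_scheme(stored)
    if scheme == "sha":
        expected = sha_userpassword(candidate)[len("{SHA}"):]
        return hmac.compare_digest(body.encode(), expected.encode())
    if scheme == "clear":
        return hmac.compare_digest(body.encode(), candidate.encode("utf-8"))
    raise NotImplementedError("scheme %r needs the platform's own routine" % scheme)

def audit(entries):
    """Map uid -> finding for every entry whose storage deserves attention."""
    findings, seen = {}, {}
    for uid, stored in sorted(entries.items()):
        scheme, body = split_scheme(stored)
        if scheme == "clear":
            findings[uid] = "plain text"
        elif scheme == "crypt":
            findings[uid] = "crypt(): 8-character limit"
        elif scheme == "sha":
            # Unsalted: equal passwords give equal values, visible to any reader.
            seen.setdefault(body, []).append(uid)
    for uids in seen.values():
        if len(uids) > 1:
            for uid in uids:
                findings[uid] = "same {SHA} value as another entry"
    return findings

# Constructed sample directory entries (uid -> userPassword), not real data.
SAMPLE = {"alice": sha_userpassword("correct horse"), "bob": "{crypt}abJnggxhB/yWI",
          "carol": "plaintextpw", "dave": sha_userpassword("correct horse")}

if __name__ == "__main__":
    for uid, finding in sorted(audit(SAMPLE).items()):
        print(uid, "->", finding)
```

Because the {SHA} value is a one-way digest, a replica holding it cannot derive a bigcrypt() value from it; each store's format has to be computed at the point where the plain text password is still available.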
