[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Google
  Web www.spinics.net

Re: Remote client IP for plain & login methods



I, for one, do not understand the feature you are proposing.  Addressless tickets are now the norm for Kerberos and AFAIK the address wasn't used by the GSSAPI mechanism anyway.

On Feb 25, 2010, at 9:54 AM, George Forman wrote:

> Cyrus-sasl gurus,
> 
> We have a need to pass the remote client's IP address to our authentication service via LDAP DN.  I see kerberos has the remote client's IP address passed to that mechanism. Is there any plans to provide the same ability to plain and login mechanisms?
> 
> I could not find any patches which implement this feature. I believe this would be an added security feature to prevent dictionary attacks, etc. Does this capability exist? If not, I am currently going to modify the code to mimic kerberos' implementation within plain & login. Would this group be interested in including this feature into future releases if I provide a patch to the listserve?
> 
> 
> George
> 
> 
> 
> Hotmail: Free, trusted and rich email service. Get it now.

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@xxxxxxxxxxxx, or hbhotz@xxxxxxx





[Video For Linux]     [Photos]     [Yosemite News]    [Yosemite Photos]     [gtk]     [KDE]     [Info Cyrus]     [Gimp on Windows]     [Steve's Art]     [Script Fu]

Powered by Linux