K
Kevin McMurtrie
I have a situation where I need to authenticate an HTTP client with low
latency on a LAN. It doesn't matter if the connection is watched, I
only need to verify who is publishing data.
Right now I'm using a Servlet filter that implements rfc2069 (Digest
Access Authentication) to protect certain HTTP resources. It's getting
pre-hashed passwords from a config file so there is no plaintext
anywhere in the pipeline. I'd like for LDAP authentication to also be
an option. LDAPv3 implements the same authentication scheme via SASL so
this should be easy to pass through, right? The only LDAPv3 clients
that I can find take a plaintext password and negotiate the digest
themselves. Is there an LDAP client that will allow the caller to
participate in the authentication?
I know there are other solutions but they're not as elegant or easy to
integrate into an existing LDAP database.
latency on a LAN. It doesn't matter if the connection is watched, I
only need to verify who is publishing data.
Right now I'm using a Servlet filter that implements rfc2069 (Digest
Access Authentication) to protect certain HTTP resources. It's getting
pre-hashed passwords from a config file so there is no plaintext
anywhere in the pipeline. I'd like for LDAP authentication to also be
an option. LDAPv3 implements the same authentication scheme via SASL so
this should be easy to pass through, right? The only LDAPv3 clients
that I can find take a plaintext password and negotiate the digest
themselves. Is there an LDAP client that will allow the caller to
participate in the authentication?
I know there are other solutions but they're not as elegant or easy to
integrate into an existing LDAP database.