SRP and DirectoryService
- Subject: SRP and DirectoryService
- From: Robert Nilsson <email@hidden>
- Date: Wed, 11 Mar 2009 20:16:43 +0100
Hi,
I am currently working on a client-server application where I would
like to use the Secure Remote Password protocol (SRP, http://srp.stanford.edu/)
for authentication of users as well as obtaining a good key to use
for encrypting the rest of the "conversation". This part is not a
problem. However, I would like to integrate this with DirectoryService
(DS) so that I can authenticate users from (for example) an OD. Now
the trouble begins. SRP requires that the server has access to the
password either in clear-text or in some other directly derived form
(SHA1 hash could be made to work). Hence I've been looking for a way
to obtain this from DS or any other means. I've been thinking about
creating a new authentication mechanism for SRP, but I can't find any
documentation about how to do that, which might point to it not being
supported.
I'm just about to give up the SRP idea and use something supported,
like CRAM-MD5, but these alternatives are not as attractive
considering that there are known security flaws with some of them and
they do not generate a good cryptographic key as a by-product either.
Obviously my question is if anyone has any experience of doing
something similar or has any ideas about how it might be done?
Thanks in advance,
Robert Nilsson
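
The server-side requirement described in the post, as an added example that is not part of the original message: an SRP-6a exchange in Python where the server's verifier is built from SHA1(password) rather than the clear-text password. The group (N = 2**521 - 1, g = 3), the derivation x = SHA1(salt | SHA1(password)) and all function names are assumptions made for illustration; no DirectoryService API is used.

```python
import hashlib
import secrets

# Demo-only group (assumption): N = 2**521 - 1 is prime but not a safe prime.
# A real deployment would use a standard SRP group such as those in RFC 5054.
N = 2**521 - 1
g = 3
WIDTH = 66  # bytes needed to hold any value below N

def H(*parts):
    """SHA-1 over the concatenated parts (ints are zero-padded), as an int."""
    h = hashlib.sha1()
    for p in parts:
        h.update(p if isinstance(p, bytes) else p.to_bytes(WIDTH, "big"))
    return int.from_bytes(h.digest(), "big")

def private_x(salt, stored_hash):
    # x is derived from SHA1(password), not the clear-text password, so a
    # server that holds only that hash can still compute the verifier.
    return H(salt, stored_hash)

def enroll(stored_hash):
    """Server side: turn a stored SHA1(password) into (salt, verifier)."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, stored_hash), N)

def login(password, salt, v):
    """Run one SRP-6a exchange in-process; return (client_key, server_key)."""
    k = H(N, g)
    a = secrets.randbelow(N - 2) + 1        # client ephemeral secret
    b = secrets.randbelow(N - 2) + 1        # server ephemeral secret
    A = pow(g, a, N)                        # sent client -> server
    B = (k * v + pow(g, b, N)) % N          # sent server -> client
    u = H(A, B)
    if A % N == 0 or B % N == 0 or u == 0:  # mandatory SRP sanity checks
        raise ValueError("invalid SRP public value")
    # Client: hashes the typed password the same way the directory did.
    x = private_x(salt, hashlib.sha1(password).digest())
    S_c = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    # Server: uses only the verifier v, never the password or its hash.
    S_s = pow(A * pow(v, u, N) % N, b, N)
    to_key = lambda S: hashlib.sha1(S.to_bytes(WIDTH, "big")).digest()
    return to_key(S_c), to_key(S_s)

def demo():
    stored = hashlib.sha1(b"correct horse").digest()  # constructed sample
    salt, v = enroll(stored)
    good = login(b"correct horse", salt, v)
    bad = login(b"wrong guess", salt, v)
    return good[0] == good[1], bad[0] == bad[1]
```

The two keys match only when the client's password hashes to the value the verifier was built from, and the matching key is the session key obtained as a by-product of authentication.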
Darwin-dev mailing list (email@hidden)