Remote client IP for plain & login methods
Henry B. Hotz
hotz at jpl.nasa.gov
Thu Feb 25 13:17:14 EST 2010
I, for one, do not understand the feature you are proposing. Addressless tickets are now the norm for Kerberos and AFAIK the address wasn't used by the GSSAPI mechanism anyway.
On Feb 25, 2010, at 9:54 AM, George Forman wrote:
> Cyrus-sasl gurus,
>
> We have a need to pass the remote client's IP address to our authentication service via LDAP DN. I see kerberos has the remote client's IP address passed to that mechanism. Is there any plans to provide the same ability to plain and login mechanisms?
>
> I could not find any patches which implement this feature. I believe this would be an added security feature to prevent dictionary attacks, etc. Does this capability exist? If not, I am currently going to modify the code to mimic kerberos' implementation within plain & login. Would this group be interested in including this feature into future releases if I provide a patch to the listserve?
>
>
> George
>
>
>
> Hotmail: Free, trusted and rich email service. Get it now.
------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the Cyrus-sasl
mailing list