Re: (ITS#6249) Feature request: Password Modify ext. op. and anonymous LDAP connection

11 Aug 2009


      hyc@symas.com wrote:
...
michael@stroeder.com wrote:
...
Full_Name: Michael Ströder
Version: HEAD
OS:
URL:
Submission from: (NULL) (84.163.50.194)
I'd like to request that a Password Modify ext. op. request should succeed on a
LDAP connection as anonymous if the LDAP client provides the correct old
password.
E.g. OpenDS implements it like this and it makes sense to me regarding a user
setting a new password in case of an expired password.
Adding this feature would open up the pwdModify exop as a mechanism for 
password guessing attacks.
There could be still the bad password counter in effect just like when
processing bind requests.
Ciao, Michael.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

Re: (ITS#6249) Feature request: Password Modify ext. op. and anonymous LDAP connection