yarffaJ nalA (jnala) wrote in lj_dev,

Secure login, LDAP authentication

It'd be convenient if I could authenticate my users against our LDAP server rather than make everyone remember Yet Another password. I suspect this would be a feature appreciated by many businesses considering LiveJournal for intranet use.

However, I don't actually have access to the user passwords, so I can't do the usual "compare hashed passwords" deal, and having the user send an unhashed password in the clear (so I can try binding to LDAP as them) is unacceptable.

This implies either
  1. SSL
  2. some other public-key encryption scheme
  3. some aspect of LDAP authentication I'm not familiar with
Barring (3), I suspect the easiest of these is SSL. The server-side stuff is easy (with apache-ssl and Net::LDAP), and there are readily available libraries to do it on the client side.

I guess the real question is whether I can persuade Evan to add support for this :) It's okay if not every client in existence can connect to a secure-login-only LiveJournal server; we just need one good Win32 client and one good Unix client, and right now LoserJabber and Evan's upcoming Win32 client look like the most promising candidates.

I dunno. Any thoughts?
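
The server-side check the post describes (bind to LDAP as the user with the password received over SSL), sketched with Net::LDAP as an added example; it is not part of the original post or of LiveJournal's code. The host, base DN, CA file path, the `uid` attribute, permitted anonymous search and the function name `ldap_check_password` are all assumptions.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Assumed deployment values (placeholders, not from the post).
my %CFG = (
    host   => 'ldap.example.com',
    base   => 'ou=people,dc=example,dc=com',
    cafile => '/etc/ssl/certs/example-ca.pem',
);

# Hypothetical helper: returns the user's DN on success, nothing on failure.
sub ldap_check_password {
    my ($user, $password) = @_;

    # Many servers treat a simple bind with an empty password as an
    # anonymous bind and report success, so refuse empty input up front.
    return unless defined $user     && length $user;
    return unless defined $password && length $password;

    my $ldap = Net::LDAP->new($CFG{host}, timeout => 10) or return;

    # The password also crosses the web-server-to-LDAP hop: upgrade to TLS
    # and verify the server certificate before any credential is sent.
    my $mesg = $ldap->start_tls(verify => 'require', cafile => $CFG{cafile});
    if ($mesg->code) { $ldap->disconnect; return; }

    # Find the user's DN (anonymous search assumed to be allowed). The
    # username is escaped so it cannot change the meaning of the filter.
    $mesg = $ldap->search(
        base   => $CFG{base},
        scope  => 'sub',
        filter => '(uid=' . escape_filter_value($user) . ')',
        attrs  => ['1.1'],    # "1.1" requests no attributes, only the DN
    );
    if ($mesg->code || $mesg->count != 1) { $ldap->disconnect; return; }
    my $dn = $mesg->entry(0)->dn;

    # The authentication step itself: the directory checks the password,
    # so the web application never needs access to stored hashes.
    $mesg = $ldap->bind($dn, password => $password);
    my $ok = !$mesg->code;
    $ldap->unbind;
    return $ok ? $dn : ();
}
```

Requiring exactly one search result keeps an ambiguous username from binding as the wrong entry.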
