Secure login, LDAP authentication
[Apr. 25th, 2001|02:45 am]
It'd be convenient if I could authenticate my users against our LDAP server rather than make everyone remember Yet Another password. I suspect this would be a feature appreciated by many businesses considering LiveJournal for intranet use.
However, I don't actually have access to the user passwords, so I can't do the usual "compare hashed passwords" deal, and having the user send an unhashed password in the clear (so I can try binding to LDAP as them) is unacceptable.
This implies either
- some other public-key encryption scheme
- some aspect of LDAP authentication I'm not familiar with
Barring (3), I suspect the easiest of these is SSL. The server side stuff is easy (with apache-ssl and Net::LDAP), and there are readily available libraries to do it on the client side.
I guess the real question is whether I can persuade Evan to add support for this :) It's okay if not every client in existence can connect to a secure-login-only LiveJournal server; we just need one good Win32 client and one good Unix client, and right now LoserJabber and Evan's upcoming Win32 client look like the most promising candidates.
I dunno. Any thoughts?
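
The server-side bind check described in the post, as an added example that is not part of the original post or of LiveJournal's code. The host, base DN, CA file path, the `uid=` DN layout and the `ldap_authenticate` name are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: authenticate a web login by binding to LDAP as the user.
# Host, base DN, CA path and DN layout are placeholders, not from the post.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_dn_value);

my %CFG = (
    host    => 'ldap.example.com',               # placeholder
    base_dn => 'ou=people,dc=example,dc=com',    # placeholder
    cafile  => '/etc/ssl/certs/example-ca.pem',  # placeholder
);

# Returns 1 only when the directory accepts the user's own credentials.
sub ldap_authenticate {
    my ($user, $password, $is_https) = @_;

    # The password must not have crossed the wire in the clear.
    return 0 unless $is_https;

    # A simple bind with a DN and an empty password is an "unauthenticated
    # bind" (RFC 4513) that many servers accept, so refuse it here.
    return 0 unless defined $user     && length $user;
    return 0 unless defined $password && length $password;

    # Escape the name so it cannot alter the structure of the DN.
    my $dn = sprintf 'uid=%s,%s', escape_dn_value($user), $CFG{base_dn};

    my $ldap = Net::LDAP->new($CFG{host}, timeout => 10) or return 0;

    # Protect the web-server-to-LDAP hop too, and verify the server cert.
    my $tls = $ldap->start_tls(verify => 'require', cafile => $CFG{cafile});
    if ($tls->code) { $ldap->disconnect; return 0 }

    my $bind = $ldap->bind($dn, password => $password);
    my $ok   = $bind->code == 0 ? 1 : 0;    # 0 is LDAP success
    $ldap->unbind;
    return $ok;
}

# Offline checks: both are refused before any network connection is made.
print ldap_authenticate('alice', '', 1)
    ? "FAIL\n" : "empty password refused\n";
print ldap_authenticate('alice', 'constructed-pw', 0)
    ? "FAIL\n" : "non-HTTPS login refused\n";
```

A caller under an SSL-enabled Apache would pass something like `($ENV{HTTPS} // '') eq 'on'` as the third argument; that environment variable is an assumption about the server setup.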