[p4] LDAP authentication with encryption
markm@emeter.com
markm at emeter.com
Mon Feb 26 16:22:34 PST 2007
Hi Matt,
Thanks for the prompt reply. And it is Active Directory that I am using
for user authentication, so I apologize for any confusion.
Is that perl script that you are using in the Perforce public depot? Or
is it something that you would be willing to share? I received a script
from Perforce tech support (which I am attaching) that just uses simple
authentication for binding to Active Directory. And my IT admin is
concerned about sending clear text passwords around the network.
Thanks,
Mark
-----Original Message-----
From: Matthew Janulewicz [mailto:MJanulewicz at greendotcorp.com]
Sent: Monday, February 26, 2007 4:17 PM
To: Mark MacDonald; perforce-user at perforce.com
Subject: RE: [p4] LDAP authentication with encryption
I'm not hugely knowledgeable about LDAP, but I got authentication to
work with Active Directory. We're using a perl script that uses the
Net::LDAP library from cpan to connect (attempt a bind.) We originally
were not sure if it encrypted the password, so we set a sniffer loose on
it and were not able to find any passwords being sent across in plain
text. Your mileage may vary.
At the very least you should be able to find a library to support ssl
(LDAPS) to send encrypted info across the wire to the server. However,
you of course will need an LDAP server at the other end that understands
the encrypted data once it gets there. The CPAN module seems to handle
this pretty easily.
Lastly, we did discover that if you have verbose logging turned on for
the Perforce server, the particular script and library we use will write
passwords in plaintext in the log. Look out for that.
-Matt
-----Original Message-----
From: markm at emeter.com [mailto:markm at emeter.com]
Sent: Monday, February 26, 2007 10:14 AM
To: perforce-user at perforce.com
Subject: [p4] LDAP authentication with encryption
Has anyone set up Perforce to use LDAP as an external authentication
method, and to also encrypt the authentication communication to the LDAP
server? Perforce tech support provided an authentication script that
works fine, except for the fact that it only uses simple authentication
with the LDAP server. This method sends the passwords in clear text
between the Perforce server and the LDAP server. Has anyone written a
similar trigger that uses an encrypted binding to the LDAP server?
Thanks,
Mark
_______________________________________________
perforce-user mailing list - perforce-user at perforce.com
http://maillist.perforce.com/mailman/listinfo/perforce-user
More information about the perforce-user
mailing list