Lightweight Directory Access Protocol (LDAP) - Extended Feature; Lightweight Challenge-Response Mechanism POP (APOP) - Extended Feature - Panasonic DP-8020E Service Manual


DP-8020E/8020P/8016P

9.14. Lightweight Directory Access Protocol (LDAP) - Extended Feature

The protocol is designed to provide access to directories supporting the X.500 models, while not incurring
the resource requirements of the X.500 Directory Access Protocol (DAP).
This protocol is specifically targeted at management applications and browser applications that provide
read/write interactive access to directories. When used with a directory supporting the X.500 protocols, it is
intended to be a complement to the X.500 DAP.
X.500 is an overall model for Directory Services in the OSI world. The model encompasses the overall
namespace and the protocol for querying and updating it. A major part of X.500 is that it defines a global
directory structure.
It is essentially a directory web in much the same way that "http" and "html" are used to define and implement
the global hypertext web. Anyone with an X.500 or LDAP client may peruse the global directory just as they
can use a web browser to peruse the global Web.
From the "Start" menu of a Windows client PC, you can search for people on the Internet using a
directory services server.

9.15. Lightweight Challenge-response Mechanism POP (APOP) - Extended Feature

The base POP3 specification (POP3) also contains a lightweight challenge-response mechanism called
APOP. APOP is associated with most of the risks associated with such protocols: in particular, it requires
that both the client and server machines have access to the shared secret in clear text form. Challenge-
Response Authentication Mechanism (CRAM) offers a method for avoiding such clear text storage while
retaining the algorithmic simplicity of APOP in using only MD5.
Normally, each POP3 session starts with a USER/PASS exchange. This results in a server/user-id specific
password being sent in the clear on the network. For intermittent use of POP3, this may not introduce a
sizable risk. However, many POP3 client implementations connect to the POP3 server on a regular basis to
check for new mail. Further, the interval of session initiation may be on the order of five minutes. Hence, the
risk of password capture is greatly enhanced.
An alternate method of authentication is required which provides for both origin authentication and replay
protection, but which does not involve sending a password in the clear over the network. The APOP
command provides this functionality.
A POP3 server which implements the APOP command will include a timestamp in its banner greeting. For
example, on a UNIX implementation in which a separate UNIX process is used for each instance of a POP3
server, the syntax of the timestamp might be:
<process-ID.clock@hostname>
where "process-ID" is the decimal value of the process's PID, "clock" is the decimal value of the system
clock, and "hostname" is the fully-qualified domain-name corresponding to the host where the POP3 server is
running.
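
The following Python sketch is an added example, not part of the service manual. It shows how the banner timestamp is used as the challenge and why the server must hold the shared secret in clear text. The digest rule (MD5 over the timestamp, brackets included, followed by the secret) and the sample banner, user and secret are taken from the worked example in RFC 1939; the function names are illustrative.

```python
import hashlib
import hmac
import re

# Sample values from the worked example in RFC 1939 (not from this manual).
BANNER = b"+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
USER, SECRET = "mrose", b"tanstaaf"

# The challenge is the whole "<...@...>" token, angle brackets included.
_TIMESTAMP = re.compile(rb"<[^<>\s]+@[^<>\s]+>")

def banner_timestamp(banner: bytes) -> bytes:
    """Extract the APOP challenge from a POP3 greeting."""
    if not banner.startswith(b"+OK"):
        raise ValueError("not a positive POP3 greeting")
    match = _TIMESTAMP.search(banner)
    if match is None:
        # No timestamp means the server does not offer APOP; a client that
        # silently falls back to USER/PASS sends the password in the clear.
        raise ValueError("greeting carries no timestamp: APOP not offered")
    return match.group(0)

def apop_digest(timestamp: bytes, secret: bytes) -> str:
    """MD5 over timestamp followed by the shared secret, as lowercase hex."""
    return hashlib.md5(timestamp + secret).hexdigest()

def apop_command(banner: bytes, user: str, secret: bytes) -> str:
    """Client side: only the digest crosses the network, never the secret."""
    return f"APOP {user} {apop_digest(banner_timestamp(banner), secret)}"

def server_verify(issued: bytes, stored_secret: bytes, command: str) -> bool:
    """Server side: recompute the digest from the clear-text secret it stores.

    `issued` is the timestamp this session's banner carried, so a digest
    captured from an earlier session (different timestamp) is rejected.
    """
    parts = command.split(" ")
    if len(parts) != 3 or parts[0].upper() != "APOP":
        return False
    expected = apop_digest(issued, stored_secret).encode()
    return hmac.compare_digest(expected, parts[2].lower().encode())

if __name__ == "__main__":
    cmd = apop_command(BANNER, USER, SECRET)
    print(cmd)
    print("same session :", server_verify(banner_timestamp(BANNER), SECRET, cmd))
    # Constructed timestamp standing in for a later session's banner.
    print("replayed later:", server_verify(b"<1897.697171252@dbc.mtview.ca.us>", SECRET, cmd))
```

Because `server_verify` needs `stored_secret` itself rather than a hash of it, a compromise of the server's credential store exposes every user's secret, which is the clear-text storage risk noted above.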
460
Ver. 1.0
SEP 2006


This manual is also suitable for:

DP-8020P
