  1. OpenDJ
  2. OPENDJ-6769

Allow proxy to convert simple bind to SCRAM-based bind

    Details

    • Type: New Feature
    • Status: Dev backlog
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 7.0.0
    • Fix Version/s: None
    • Component/s: proxy, security
    • Labels:
      None

      Description

      The support for SASL SCRAM promises to offload the cost of computationally intensive authentication to the client (attacker) side. But SCRAM is new, and initially we might expect limited client support in deployments.

      If the proxy could transform simple binds from clients into SASL SCRAM to the directory servers, directory deployers could use a SCRAM storage scheme for passwords in the directory data, and initially pay the cost in a "dataless" proxy layer that should be cheaper to scale than the directory layer.

            People

            • Assignee:
              Unassigned
              Reporter:
              Mark Craig
            • Votes:
              0
              Watchers:
              1
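
To show where the cost lands in the setup the description proposes, here is an added Python example (not OpenDJ code, and not from the issue reporter) of the SCRAM-SHA-256 computations from RFC 5802/7677: the proxy, holding the cleartext from a simple bind, runs PBKDF2, while the directory verifies the proof using only the stored keys. All function names and the entry layout are assumptions made for illustration; SASLprep, username escaping and channel binding are left out.

```python
import base64, hashlib, hmac, os

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def salted_password(password, salt, iterations):
    # Hi() from RFC 5802: the only step whose cost grows with the iteration count.
    # SASLprep normalisation of the password is omitted in this sketch.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def make_scram_entry(password, iterations=4096):
    """What a SCRAM storage scheme keeps: no password and no SaltedPassword."""
    salt = os.urandom(16)
    sp = salted_password(password, salt, iterations)
    return {"salt": salt, "i": iterations,
            "stored_key": hashlib.sha256(mac(sp, b"Client Key")).digest(),
            "server_key": mac(sp, b"Server Key")}

def proxy_proof(password, salt, iterations, auth_message):
    """Proxy side: it holds the cleartext from the simple bind, so it runs PBKDF2."""
    sp = salted_password(password, salt, iterations)
    client_key = mac(sp, b"Client Key")
    client_sig = mac(hashlib.sha256(client_key).digest(), auth_message)
    proof = bytes(a ^ b for a, b in zip(client_key, client_sig))
    return proof, mac(mac(sp, b"Server Key"), auth_message)

def server_verify(entry, auth_message, proof):
    """Directory side: two HMACs and one hash, whatever the iteration count."""
    client_sig = mac(entry["stored_key"], auth_message)
    client_key = bytes(a ^ b for a, b in zip(proof, client_sig))
    ok = hmac.compare_digest(hashlib.sha256(client_key).digest(), entry["stored_key"])
    return ok, (mac(entry["server_key"], auth_message) if ok else None)

def bind_via_proxy(entry, user, password):
    """Simulate one simple bind re-issued by the proxy as a SCRAM exchange."""
    b64 = lambda raw: base64.b64encode(raw).decode()
    c_nonce = b64(os.urandom(18))
    s_nonce = c_nonce + b64(os.urandom(18))
    auth_message = ",".join([
        f"n={user},r={c_nonce}",                                # client-first-message-bare
        f"r={s_nonce},s={b64(entry['salt'])},i={entry['i']}",   # server-first-message
        f"c=biws,r={s_nonce}",                                  # client-final-without-proof
    ]).encode()
    proof, expected_sig = proxy_proof(password, entry["salt"], entry["i"], auth_message)
    ok, server_sig = server_verify(entry, auth_message, proof)
    # The proxy also checks the server signature before reporting bind success.
    return ok and hmac.compare_digest(server_sig, expected_sig)
```

Raising the iteration count in `make_scram_entry` slows `proxy_proof` only; `server_verify` never calls PBKDF2.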