The basic mechanism is the same, i.e. after successful authentication, the cookie is modified to store a hash of the username and the LDAP marker, instead of the password. LDAP accounts are quite often used institution-wide for single sign on (SSO), so I think it’s a bad idea to store that password anywhere outside the LDAP server, even if it’s double hashed. On Novell NDS you can’t even get the password, you can only compare it.
Would you like to comment?
Join Diigo for a free account, or sign in if you are already a member.