468
JAN 2006
Ver. 5.2
DP-3510/3520/3530/4510/4520/4530/6010/6020/6030
9.14. Lightweight Directory Access Protocol (LDAP) - Extended Feature
The protocol is designed to provide access to directories supporting the X.500 models, while not incurring
the resource requirements of the X.500 Directory Access Protocol (DAP).
This protocol is specifically targeted at management applications and browser applications that provide
read/write interactive access to directories. When used with a directory supporting the X.500 protocols, it is
intended to be a complement to the X.500 DAP.
X.500 is an overall model for Directory Services in the OSI world. The model encompasses the overall
namespace and the protocol for querying and updating it. A major part of X.500 is that it defines a global
directory structure.
It is essentially a directory web in much the same way that “http” and “html” are used to define and implement
the global hypertext web. Anyone with an X.500 or LDAP client may peruse the global directory just as they
can use a web browser to peruse the global Web.
From the "Start" menu of a Windows client PC, you can search for people on the Internet using a directory
services server.
9.15. Lightweight Challenge-response Mechanism POP (APOP) - Extended Feature
The base POP3 specification (POP3) also contains a lightweight challenge-response mechanism called
APOP. APOP carries most of the risks associated with such protocols: in particular, it requires
that both the client and server machines have access to the shared secret in clear text form. The
Challenge-Response Authentication Mechanism (CRAM) offers a method for avoiding such clear text
storage while retaining the algorithmic simplicity of APOP in using only MD5.
Normally, each POP3 session starts with a USER/PASS exchange. This results in a server/user-id specific
password being sent in the clear on the network. For intermittent use of POP3, this may not introduce a
sizable risk. However, many POP3 client implementations connect to the POP3 server on a regular basis to
check for new mail. Further, the interval of session initiation may be on the order of five minutes. Hence, the
risk of password capture is greatly increased.
An alternate method of authentication is required which provides for both origin authentication and replay
protection, but which does not involve sending a password in the clear over the network. The APOP
command provides this functionality.
A POP3 server which implements the APOP command will include a timestamp in its banner greeting. For
example, on a UNIX implementation in which a separate UNIX process is used for each instance of a POP3
server, the syntax of the timestamp might be:
<process-ID.clock@hostname>
where "process-ID" is the decimal value of the process's PID, clock is the decimal value of the system
clock, and hostname is the fully-qualified domain-name corresponding to the host where the POP3 server is
running.
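The following is an added example, not part of this manual or of any device firmware: it extracts the banner timestamp and computes the APOP digest the way RFC 1939 defines it (MD5 over the timestamp followed by the shared secret), then checks that a digest captured in one session fails against a later banner. The first greeting and the secret are the sample values from RFC 1939; the second greeting and all function names are constructed for illustration.

```python
import hashlib
import hmac
import re
from typing import Optional

# Greeting and secret are the sample values from RFC 1939; the second
# greeting is constructed here to stand for a later session.
RFC_BANNER = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
LATER_BANNER = "+OK POP3 server ready <1897.697171252@dbc.mtview.ca.us>"
SHARED_SECRET = "tanstaaf"

# <process-ID.clock@hostname>, angle brackets included.
_TIMESTAMP_RE = re.compile(r"<[^<>\s]+@[^<>\s]+>")


def extract_timestamp(banner: str) -> Optional[str]:
    """Return the timestamp token, or None when the greeting carries none
    (the server does not offer APOP)."""
    if not banner.startswith("+OK"):
        return None
    match = _TIMESTAMP_RE.search(banner)
    return match.group(0) if match else None


def apop_digest(timestamp: str, secret: str) -> str:
    """MD5 over the timestamp (brackets included) followed by the shared
    secret, as 32 lowercase hex digits. Only this value crosses the network."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()


def server_verify(timestamp: str, stored_secret: str, digest: str) -> bool:
    """The server recomputes the digest, so it must hold the secret in clear
    text: the storage risk the section above points out."""
    expected = apop_digest(timestamp, stored_secret)
    return hmac.compare_digest(expected, digest.strip().lower())


def replayed_digest_accepted() -> bool:
    """A digest captured in one session, presented against the timestamp of
    a later session."""
    captured = apop_digest(extract_timestamp(RFC_BANNER), SHARED_SECRET)
    return server_verify(extract_timestamp(LATER_BANNER), SHARED_SECRET, captured)


if __name__ == "__main__":
    ts = extract_timestamp(RFC_BANNER)
    print("APOP mrose", apop_digest(ts, SHARED_SECRET))
    print("replay accepted:", replayed_digest_accepted())
```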