SCRAM in LDAP: Better Password-based Authentication

by Kurt Zeilenga


The Salted Challenge Response Authentication Mechanism (SCRAM) is a password-based authentication mechanism for use in application protocols, such as LDAP, via the Simple Authentication and Security Layer (SASL) framework. SCRAM offers a number of improvements over older password-based mechanisms, including channel bindings for use with TLS.

This talk will discuss the evolution of password-based authentication mechanisms as used in LDAP. The goal of this talk is to educate implementors and deployers of directory and other application services on the security value of SCRAM authentication over older password-based authentication mechanisms.

