It Seems That "Security Last" Is Lion's Motto
I know folks at Apple's headquarters are kind of preoccupied this week, but in between the obligatory valedictions for the Dear Leader, maybe some of their brighter engineers could sit down and fix a huge problem that's been hiding below the surface of Mac OS X Lion.
It seems that the company's implementation of LDAP (the Lightweight Directory Access Protocol) just doesn't work as it should. To summarize, when you log into a server, one of four things ought to happen:
- access is denied when invalid authentication credentials are presented
- access is granted when valid credentials are presented
- access is denied despite your presenting valid credentials, or
- access is granted even when presenting invalid credentials.
From all reports, Apple's people can replicate the bug, but the company hasn't acknowledged its existence; a former colleague of mine is speculating that it's because LDAP authentication isn't used that often on Mac clients.
But while that may be the case, where LDAP is used, it's absolutely vital. It's utterly inexcusable for Apple to sweep this problem under the rug. I hate to say "I told you so," but I did.
Apple's given up on its business users, but like abused lovers, we keep saying that we ran into a cabinet door. When will we learn?