When a proxy agent is used the system administrator also needs to choose an authentication method for that identity to authenticate to the directory. Currently the supported mechanisms by Solaris 8 clients are SIMPLE, and CRAM-MD5.
If SIMPLE is chosen, the client authenticates to an LDAP server by sending a simple bind request to the server. It is worth noting that with this authentication method, the password is transmitted in the clear and is subject to snooping. The primary advantage of using SIMPLE is that it is the required authentication method as defined in the LDAP standard, and all directory servers support it.
Some directory servers also support Challenge Response Authentication Mechanism (CRAM-MD5) through Simple Authentication and Security Layer (SASL). The primary advantage of CRAM-MD5 is that the password does not go over the wire in the clear during authentication and therefore is more secure than SIMPLE. See RFC 2195 for information on CRAM-MD5. See RFC 2222 for information on SASL.
Currently the iPlanet Directory Server version 4.11 does not support the CRAM-MD5 method.