[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4636) Hashing Password

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#4636) Hashing Password
From: Kurt@OpenLDAP.org
Date: Fri, 11 Aug 2006 17:38:58 GMT

I see no indication of a software bug here.

The client is, presumedly, sending an LDAP Modify request and
the server appears to be storing the values as presented.  This
is as intended.  In the 'set' case, the client is presumedly
sending an LDAP Password Modify request and the server, being
configured to hash passwords, is hashing the presented values.
This is as intended.

I note that when one stores hashed passwords in userPassword,
whether using client-side hashing with LDAP Modify operation
or server-side hashing with LDAP Password Modify operation,
the server should be configured not return userPassword values
to clients.  Doing so may cause interoperabiltiy problems with
clients that expect the server to return only clear text
passwords as prescribed by the LDAP technical specification.

In absence of clear evidence of a bug in OpenLDAP Software,
this report will be closed.

Kurt

At 11:41 AM 8/10/2006, Primesolutionsinc@gmail.com wrote:
>Full_Name: Charles Giss
>Version: 2.3.24
>OS: Solaris 9
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (66.95.164.131)
>
>
>Server will no longer hash passwords, when using LDAP Browser\Editor vs 2.8.2.
>
>When viewing a users account, selecting the password, (users password is shown
>either in a SSHA or SHA format) if I type a clear text password and hit apply,
>the server should hash the password, however that does not happen. I get a
>"Failed to update entry uid=(name of the account)notice.
>
>Can some help me to understand why? 
>
>If I click "set" then enter a password, it is hashed without a problem.

Prev by Date: (ITS#4637) slapd+back-perl segfaults
Next by Date: Re: (ITS#4638) syncrepl and rwm overlay crash
Index(es):
- Chronological
- Thread