[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7612) {CLEARTEXT} password scheme broken



Full_Name: Ferenc Wágner
Version: 2.4.31
OS: Debian GNU/Linux squeeze
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (86.101.52.7)


I'm trying to store the hypothetical password "{SSHA}" in cleartext, but
slappasswd refuses to help:

$ /usr/sbin/slappasswd -s {SSHA} -h {CLEARTEXT}
Password verification failed.

On #openldap hbf suggested that I file an ITS ("work" in the following means
allowing binding):

hbf: Looks like {CLEARTEXT} itself is broken.  I think "userPassword:
{CLEARTEXT}secret" should work, and so that slappasswd -h {CLEARTEXT} -s secret
can output {CLEARTEXT}secret and userPassword: {CLEARTEXT}{SSHA} would be
valid.

As I agree with him, here it is.