[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: userPassword: {UNIX}uid [was: Authentication with UNIX username/password (ITS#212)]

To: openldap-devel@OpenLDAP.org
Subject: Re: userPassword: {UNIX}uid [was: Authentication with UNIX username/password (ITS#212)]
From: Julio Sanchez <j_sanchez@stl.es>
Date: 26 Jun 1999 22:58:25 +0200
In-reply-to: "Kurt D. Zeilenga"'s message of "Sat, 26 Jun 1999 12:35:16 -0700"
References: <3.0.5.32.19990626123516.0097a2c0@localhost>

"Kurt D. Zeilenga" <Kurt@OpenLDAP.org> writes:

> I've committed changes based upon ST's submission...
> 
> Given entries:
> 	dn: cn=user,dc=foo
> 	objectclass: person
> 	cn: user
> 	userPassword: {UNIX}uid

I don't know...  A user that can change this to point to some other
uid can then use slapd to crack that other uid password.

With little trace in system's security logs...

A little bit scary.  Some daemons used to allow this and have always
been problematic.

Julio

Follow-Ups:
- Re: userPassword: {UNIX}uid [was: Authentication with UNIX username/password (ITS#212)]
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- userPassword: {UNIX}uid [was: Authentication with UNIX username/password (ITS#212)]
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: userPassword: {UNIX}uid [was: Authentication with UNIX username/password (ITS#212)]
Next by Date: Re: userPassword: {UNIX}uid [was: Authentication with UNIX username/password (ITS#212)]
Index(es):
- Chronological
- Thread