[Date Prev][Date Next] [Chronological] [Thread] [Top]

userPassword in generated LDIF

To: openldap-devel@OpenLDAP.org
Subject: userPassword in generated LDIF
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 04 Aug 1999 11:31:56 -0700

Many SASL mechanisms require access to the user's password in
cleartext form.  So that administrators will not be inadvertently
exposed to userPassword in cleartext form, I believe it would be
wise to modify the ldif generation code used by ldapsearch
and ldbmcat to present userPassword values in base64 encoding.

This adds zero password security... an administrator can easily
decode the base64 to obtain the password.  However, it much
easier for an administrator to forget a base64 string than
an actual password if she is inadvertently exposed.

Kurt

Prev by Date: Re: libldap LDAP_OPT_NETWORK_TIMEOUT feature (ITS#239)
Next by Date: RE: more verbose error reporting
Index(es):
- Chronological
- Thread