[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL secrets in LDAP



   Date: Mon, 06 May 2002 17:14:03 -0700
   From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
   Cc: <openldap-devel@OpenLDAP.org>

   At 05:02 PM 2002-05-06, Howard Chu wrote:
   >For many good reasons, we discourage the storage of plaintext passwords in
   >LDAP.

   Yes, but if userPassword is plaintext (as it really should be, see
   RFC 2256), then we can certainly use it for DIGEST-MD5.

Also, remember that the DIGEST-MD5 password hash is sufficient for
authentication (it is not a one-way hash like /etc/passwd).

Larry