
Re: Newbie question: setting userPassword field



Dustin Sallings wrote:

> There are about 80 LDAP modules for Apache.  The one I use verifies the
> password by binding as the user ...

That's a good, portable, future-proof technique.  It enables the LDAP client
software to work correctly without any knowledge of (or dependency on) the
LDAP server's password validation scheme and hash formats.

But I've heard developers argue that the LDAP client can be more efficient
and/or secure, by performing password validation (hash-and-compare) itself,
using password hashes read from the LDAP server.  Perhaps some of those 80
developers implemented it that way.  I don't advocate (or even defend) that
choice.  I merely think that, if they made that choice, they should follow
through and support the hash formats in current use.
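
The client-side hash-and-compare approach discussed above, as an added example that is not part of the original message and not taken from any of the Apache modules mentioned: it verifies a candidate against a userPassword value in the `{SCHEME}base64(digest || salt)` layout used for `{SHA}`, `{SSHA}`, `{MD5}` and `{SMD5}`, and shows where the dependency on the server's hash formats appears. The names `check_user_password`, `make_value` and `UnsupportedScheme` are hypothetical, and the sample values are constructed.

```python
import base64
import hashlib
import hmac

# scheme -> (hash constructor, digest length in bytes, salted?)
SCHEMES = {
    "SHA": (hashlib.sha1, 20, False),
    "SSHA": (hashlib.sha1, 20, True),
    "MD5": (hashlib.md5, 16, False),
    "SMD5": (hashlib.md5, 16, True),
}


class UnsupportedScheme(Exception):
    """Stored value is in a format this client cannot verify by itself."""


def make_value(scheme: str, password: str, salt: bytes = b"") -> str:
    """Build a constructed sample value: {SCHEME}base64(digest || salt)."""
    hash_fn, _, _ = SCHEMES[scheme]
    digest = hash_fn(password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())


def check_user_password(stored: str, candidate: str) -> bool:
    """Hash-and-compare a candidate password against one stored value."""
    if not stored.startswith("{") or "}" not in stored:
        raise UnsupportedScheme("no {SCHEME} prefix")
    scheme, _, encoded = stored[1:].partition("}")
    scheme = scheme.upper()
    if scheme not in SCHEMES:
        # e.g. {CRYPT}, or a scheme the server adopted after this client shipped
        raise UnsupportedScheme(scheme)
    hash_fn, digest_len, salted = SCHEMES[scheme]
    try:
        raw = base64.b64decode(encoded, validate=True)
    except ValueError:
        return False  # a malformed value never matches
    digest, salt = raw[:digest_len], raw[digest_len:]
    if len(digest) != digest_len or (salt and not salted):
        return False
    expected = hash_fn(candidate.encode() + salt).digest()
    return hmac.compare_digest(expected, digest)  # constant-time compare


if __name__ == "__main__":
    stored = make_value("SSHA", "s3cret", b"\x01\x02\x03\x04")  # constructed
    print(stored, check_user_password(stored, "s3cret"))
```

A client built this way has to treat `UnsupportedScheme` as "cannot decide" and fall back to binding as the user, which is the case the bind-based technique never runs into.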