
RE: Newbie question: setting userPassword field



At 12:54 PM 2/8/00 +1030, Dan wrote:
>Hmm, this may solve my prob...
>
>> No.  OpenLDAP 1.x recognized hashed values but will not generate them.
>> We have no plans to add any new features to OpenLDAP 1.2.
>
>When you say "recognized"

I mean that slapd's bind implementation will recognize userPassword
values of the form "{scheme}hashedValue", apply the hash function
implied by the scheme to the asserted password and compare the result
to the stored hashedValue as part of the authentication process.

For all other operations (compare, add, modify), userPassword is
treated as a user attribute type of caseExactString syntax.

>I understand the implications of this - plaintext
>passwords would then be transmitted over the net - but this does not concern
>me for the moment.

The implication is that applications must provide hashed values
for all non-bind operations.
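
The behaviour described in this message, as an added Python sketch that is not part of the original post and not OpenLDAP code: an application builds the "{scheme}hashedValue" string itself before an add or modify, a bind-style check hashes the asserted password, and a compare-style check only matches the literal string. The {SHA} and {SSHA} layouts (base64 of the SHA-1 digest, with the salt appended for {SSHA}) and all function names are assumptions of the example; the message does not say which schemes slapd 1.x accepts.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple


def make_sha(password: bytes) -> str:
    """Unsalted form: {SHA} + base64(SHA1(password))."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password).digest()).decode("ascii")


def make_ssha(password: bytes, salt: Optional[bytes] = None) -> str:
    """Salted form: {SSHA} + base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_scheme(stored: str) -> Tuple[Optional[str], str]:
    """Split '{scheme}value' into (SCHEME, value); (None, stored) if no prefix."""
    if stored.startswith("{") and "}" in stored:
        scheme, _, value = stored[1:].partition("}")
        return scheme.upper(), value
    return None, stored


def bind_check(stored: str, asserted: bytes) -> bool:
    """Bind-style check: hash the asserted password per the stored scheme."""
    scheme, value = split_scheme(stored)
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:
        return False
    if scheme == "SHA":
        return hmac.compare_digest(raw, hashlib.sha1(asserted).digest())
    if scheme == "SSHA" and len(raw) > 20:
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes
        return hmac.compare_digest(digest, hashlib.sha1(asserted + salt).digest())
    return False  # schemes outside this sketch are rejected


def compare_op(stored: str, asserted_value: str) -> bool:
    """Compare-style check: case-exact string match, no hashing applied."""
    return stored == asserted_value
```

With a value stored through `make_ssha`, `bind_check` accepts the cleartext password while `compare_op` matches only the full hashed string, which is why the application has to supply the hashed form for non-bind operations.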