[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Encrypting Authentication Passwords.

To: Barry Wright <barry@atlas.otago.ac.nz>
Subject: Re: Encrypting Authentication Passwords.
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Mon, 22 Jan 2001 21:52:00 -0800
Cc: openldap-software@OpenLDAP.org
In-reply-to: <Pine.OSF.4.21.0101221140180.4905-100000@atlas.otago.ac.nz>

TLS (SSL) provides transport layer protections including
data stream encryption.  That is, TLS protects data in
transit.  1.2 does not support TLS.

Passwords may be hashed, not encrypted.  In 1.2, hashing
must be done by the client such as ldappasswd(1).  Very
few clients implement password hashing.

IIRC, the PADL PAM/NSS modules support password hashing and
TLS.  Details regard features of PADL software can be obtained
by review their document or using lists <pamldap@padl.com>
or <nssldap@padl.com> (depending on which of their modules
you are using).

Kurt

References:
- Encrypting Authentication Passwords.
  - From: Barry Wright <barry@atlas.otago.ac.nz>

Prev by Date: Re: Access control for services
Next by Date: Open LDAP configuration
Index(es):
- Chronological
- Thread