[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: About Password



At 12:17 PM 1/26/01 -0600, Jajati Samal wrote:
>At present in my Open LDAP server I have define my own password attribute and
>store that in LDAP as a printable charecter rather than useing the attribute
>defined in core.schema.
>
>1. If I use the "userPassword" define in core.schema will it keep as an ecrypted
>formate and while reading will it decrypt and return the actual value.

userPassword is a user attribute and hence holds the value provided by the user.
This can be a clear text password or a RFC 2307 hashed password.  (These are
technically not encrypted, as they cannot be decrypted.)

OpenLDAP 2.0 support the password modify extended operation which generates
the RFC 2307 hashes and stores these in userPassword on behalf of the user.

The FAQ provides information useful to those wishing to generate or make use
of RFC 2307 userPassword values.  http://www.openldap.org/faq/index.cgi?file=419

Kurt