[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: plain text passwords

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: plain text passwords
From: Ron Chmara <ron@Opus1.COM>
Date: Sat, 17 Mar 2001 00:27:15 -0700
Cc: craigl <pavesi@integrity.com>, openldap-software@OpenLDAP.org
References: <3AB28215.409FCC8B@opus1.com> <5.0.2.1.0.20010316141725.00b04700@router.boolean.net>

"Kurt D. Zeilenga" wrote:
> At 01:41 PM 3/16/01 -0800, craigl wrote:
> >This gets accepted fine with ldap, but when I do a ldapsearch, the
> >password ends up being encrypted like so:
> >userPasword:: aGVoZWhl
> It's not encrypted.
> >Another thing I see is there are 2 colons (::)
> That indicates the value is base-64 encoded.
> See archives as to why our ldapsearch(1) client
> base64 encoded userPassword values.

FWIW: If I am doing something like storing a non-password value
(anything that can be super-easily decrypted isn't exactly useful
as a password), I add a new attribute. This prevents confusion
between broken security (cleartext, or trivially obsfusicated,
passwords) amd generic settings values.

-Bop

--2D426F70|759328624|00101101010000100110111101110000
Personal:  ron@opus1.com, 520-326-6109, http://www.opus1.com/ron/
Work: rchmara@pnsinc.com, 520-546-8993, http://www.pnsinc.com/
The opinions expressed in this email are not necessarily those of myself,
my employers, or any of the other little voices in my head.

References:
- Re: OpenLDAP vs NetScape
  - From: Ron Chmara <ron@Opus1.COM>
- Re: plain text passwords
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Problem with install...
Next by Date: Re: Cool Web / Shell Interfaces?
Index(es):
- Chronological
- Thread