
Re: password exop and encrypted passwords



At 07:50 AM 6/21/2001, Steve Schultze wrote:
>I'd like to use the new password exop, but I'd also like to store my
>passwords encrypted.  I'm using PADL's pam_ldap and when I change my
>passwords using the password exop, they are stored in plaintext.

password exop only stores hashed passwords.  If what you get
is plaintext, then you're not using password exop. 

>I'd like
>them to be stored encrypted.
>
>My question is this:  where is the task of encrypting the new password?
>Should pam_ldap encrypt the new password before doing the exop (which I
>*think* would work, correct me if I'm wrong), or should the LDAP server
>encrypt it (which is how I understand iPlanet's server does it)?

Password exop allows the client to provide a clear text value,
which the server stores as it pleases.  The OpenLDAP server
pleases to use hashed passwords (RFC 2307 style).

Kurt
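
An added example, not part of the original message and not OpenLDAP's own code: a Python audit that separates plaintext userPassword values from `{scheme}`-prefixed hashed ones and verifies a salted SHA-1 value. The `{SSHA}` scheme choice, the sample DNs and the sample passwords are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import re

# "{scheme}value" prefix used by RFC 2307 style userPassword values.
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}(.*)$", re.S)

def make_ssha(password: str, salt: bytes = None) -> str:
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def classify(value: str) -> str:
    """Return the upper-cased scheme name, or 'PLAINTEXT' if no prefix."""
    m = SCHEME_RE.match(value)
    return m.group(1).upper() if m else "PLAINTEXT"

def verify_ssha(value: str, candidate: str) -> bool:
    """Check a candidate password against a {SSHA} value."""
    m = SCHEME_RE.match(value)
    if not m or m.group(1).upper() != "SSHA":
        return False
    try:
        raw = base64.b64decode(m.group(2), validate=True)
    except ValueError:
        return False
    if len(raw) <= 20:  # SHA-1 digest is 20 bytes; the salt must follow it
        return False
    digest, salt = raw[:20], raw[20:]
    expected = hashlib.sha1(candidate.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)

def audit(entries: dict) -> list:
    """Return the DNs whose userPassword is stored unhashed."""
    return sorted(dn for dn, v in entries.items()
                  if classify(v) in ("PLAINTEXT", "CLEARTEXT"))

# Constructed sample directory data (not from the original thread).
SAMPLE = {
    "uid=alice,dc=example,dc=com": make_ssha("correct horse", b"\x01" * 8),
    "uid=bob,dc=example,dc=com": "hunter2",
    "uid=carol,dc=example,dc=com": "{CRYPT}$1$abcdefgh$constructedvalue",
}

if __name__ == "__main__":
    print("entries stored unhashed:", audit(SAMPLE))
```
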