[Date Prev][Date Next] [Chronological] [Thread] [Top]

Question on using MD5 passwords with a client sending cleartext p asswords.



Is there someway to configure OpenLDAP so that we can store passwords in MD5
format and allow clients to pass in cleartext passwords and have Open LDAP
first MD5 the inbound password and then do the compare?

We are not willing to store the passwords in cleartext on our server but
Tarantella (a product we have to use) will only send passwords in the clear.
We are using SSL so the pipe is encrypted but really don't want to store
cleartext passwords. The folks that make Tarantella refuse to convert to MD5
passwords even though their techs agree it is a better idea.

Thanks for any suggestions. I've been poking around in the code but I have
not found a way to do this as yet. I could be convinced to pay for a change
if necessary.

Cheers,

Davidm

---
David Mandala, CTO / VP Engineering
DevelopOnline 660 S. Mill Avenue Suite 400 Tempe, AZ 85281
480 377-6870 T 480 736-9211 F 602 321-8277 C
David.Mandala@developonline.com