[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd crypting userPassword attribute

To: Vishwanath <vishwanath@inablers.net>
Subject: Re: slapd crypting userPassword attribute
From: Michael Ströder <michael@stroeder.com>
Date: Wed, 03 Oct 2001 15:46:26 +0200
Cc: "openldap-software@OpenLDAP.org" <openldap-software@OpenLDAP.org>
Organization: stroeder.com
References: <3BBACE50.B6565794@inablers.net> <3BBB0E41.282666F3@stroeder.com> <3BBB0F56.87ABBAED@inablers.net>

Vishwanath wrote:
> 
> But qmail requires in this format
> 
> userPassword: {crypt}vi1Khw/oD2nzE

qmail-ldap should check the password by doing a bind request not via
direct compare of the userPassword attribute. For security reasons
the userPassword attribute should not even be readable!

If qmail-ldap really directly compares the userPassword attribute
hard-coded with scheme {crypt} then it's highly broken. But I doubt
that.

Ciao, Michael.

References:
- slapd crypting userPassword attribute
  - From: Vishwanath <vishwanath@inablers.net>
- Re: slapd crypting userPassword attribute
  - From: Michael Ströder <michael@stroeder.com>
- Re: slapd crypting userPassword attribute
  - From: Vishwanath <vishwanath@inablers.net>

Prev by Date: Re: slapd crypting userPassword attribute
Next by Date: Re: LDAP Linux user authentication problem
Index(es):
- Chronological
- Thread