[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Encrypted Passwords

To: tgagne@efinnet.com
Subject: Re: Encrypted Passwords
From: Michael Ströder <michael@stroeder.com>
Date: Fri, 16 Nov 2001 18:39:24 +0100
Cc: openldap list <openldap-software@OpenLDAP.org>
Organization: stroeder.com
References: <3BF52830.64D1F1C0@ameritech.net> <20011116101304.C32266@usa.net> <3BF53808.BECA4955@ix.netcom.com>

Thomas Gagne wrote:
> 
> When you do basic authentication on a web server, the password arrives in the
> CGI script encrypted.

No, unless the web server and the client are doing digest
authentication which is very unlikely.

> I was wondering if this encrypted password could be
> passed to an LDAP server, and your response suggests it cannot (should not).

The password is not "encrypted". It's hashed.

http://www.openldap.org/faq/data/cache/419.html

Ciao, Michael.

Follow-Ups:
- Re: Encrypted Passwords
  - From: Julio Sanchez Fernandez <j_sanchez@stl.es>

References:
- Encrypted Passwords
  - From: Thomas Gagne <tgagne@ameritech.net>
- Re: Encrypted Passwords
  - From: Peter W <peterw@usa.net>
- Re: Encrypted Passwords
  - From: Thomas Gagne <tgagne@ix.netcom.com>

Prev by Date: Re: secure replication (slurpd, TLS)
Next by Date: Back-sql and reserved words
Index(es):
- Chronological
- Thread