Re: SASL and PAM based password changing

[Norbert Klasen <norbert.klasen@daasi.de>]

--On Donnerstag, 7. Februar 2002 19:44 +0530 Shanker Balan 
<shanu@exocore.com> wrote:

> Correct. Hmm... so what purpose does the OpenLDAP "extended operations"
> serve?

The "Password Modify Extended Operation" (see RFC 3062) has been defined to 
create a standard way for updating a user's password. As currently 
implemented in OpenLDAP, it will automatically hash the password before 
storing it in the userPassword attribute type.

Some servers (e.g. Netscape IIRC) also automatically hash the userPassword 
attribute on basic ldap protocol operations such as add or modify. However, 
this does not conform to the X.500 data model as you write some value into 
the directory but will get back something else if you read it again.

You are free to add code to passwd_extop() in servers/slapd/passwd.c to 
update other credential stores...

--
Norbert Klasen, Dipl.-Inform.
DAASI International GmbH                 phone: +49 7071 29 70336
Wilhelmstr. 106                          fax:   +49 7071 29 5114
72074 Tübingen                           email: norbert.klasen@daasi.de
Germany                                  web:   http://www.daasi.de