[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: disable password hash
Hi,
looked into it. 'password-hash {CLEARTEXT}' fails and I have '#define
SLAPD_CLEARTEXT 1' set I'm sure.
I think the cleartext schema is always ingored since in
libries/libutil/passwd.c, in get_schemes()
for( i=0; pw_schemes[i].name.bv_val; i++) {
if( pw_schemes[i].name.bv_len == 0 ) continue;
if( strncasecmp(scheme, pw_schemes[i].name.bv_val,
pw_schemes[i].name.bv_len) == 0 )
{
return &pw_schemes[i];
}
}
return NULL;
but cleartext is defined as ...
#ifdef SLAPD_CLEARTEXT
/* psuedo scheme */
{ {0, "{CLEARTEXT}"}, NULL, NULL },
#endif
cleartext's name.bv_len is *always* zero, therefore fails. Shouldn't this be
#ifdef SLAPD_CLEARTEXT
/* psuedo scheme */
{ {sizeof("{CLEARTEXT}")-1, "{CLEARTEXT}"}, NULL, NULL },
#endif
like the others?
--Kervin
>> -----Original Message-----
>> From: owner-openldap-software@OpenLDAP.org
>> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of
>> kervin@blueprint-tech.com
>
>> I'd like to disable password hashing in slapd. Does anyone know have
>> to do this?
>
> Yes, but (seems to be the week for this) - why?
>
>> I've seen the "password-hash" slapd.conf option in the slapd.conf man
>> page, but it does not allow me to set the hash function to "NONE",
>> which is basically what I want to do.
>>
>> Any ideas?
>
> Use the Source, luke...
>>
>> --Kervin
>>
>
> Use the {CLEARTEXT} scheme. slapd must have been configured with
> --enable-cleartext for this to work.
>
> -- Howard Chu
> Chief Architect, Symas Corp. Director, Highland Sun
> http://www.symas.com http://highlandsun.com/hyc
> Symas: Premier OpenSource Development and Support