[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: userpassword encryption

To: "Doisneau, Olivier" <ODoisneau@interpublic.com>
Subject: Re: userpassword encryption
From: Ian Logan <ian@nmsu.edu>
Date: Wed, 9 Apr 2003 16:52:53 -0600
Cc: "'openldap-software@OpenLDAP.org'" <openldap-software@OpenLDAP.org>
Content-disposition: inline
In-reply-to: <51D4DF85EA72D511AF1900B0D0AB897601854E8D@nt25.interpublic.com>
References: <51D4DF85EA72D511AF1900B0D0AB897601854E8D@nt25.interpublic.com>
User-agent: Mutt/1.4i

Okay,
First of all, you should NOT expect instant answers to your questions.

The password-hash determines how passwords are encrypted when slapd
is setting the password with the password modify operation 
(which is what ldappasswd does).

When you use ldapmodify, you are updating the attribute not slapd.
So if you want it encrypted, you need to encrypt it and supply
the encrypted/hashed value to ldapmodify.

See ldappasswd(1) and slapd.conf(5) for details.

On Wed, Apr 09, 2003 at 03:13:25PM -0400, Doisneau, Olivier wrote:
> does anyone have any answers to this?
> 
> > -----Original Message-----
> > From:	Doisneau, Olivier [SMTP:ODoisneau@interpublic.com]
> > Sent:	Wednesday, April 09, 2003 11:29 AM
> > To:	'openldap-software@OpenLDAP.org'
> > Subject:	userpassword encryption
> > 
> > well, I finally understand why I could not connect before.   I was using a
> > different kind of encryption for the user password.   So I reconfigured
> > openldap with the --enable-crypt option.
> > 
> > I also added the following line in the slapd.conf   password-hash {CRYPT} 
> > 
> > however, if I do an ldapmodify, it shows me the userpassword as clear
> > text.   Does anyone have any good docs on userpassword encryption?
> > 
> > Thanks 
> > 
> > 
> > 
> > This message contains information which may be confidential and
> > privileged. Unless you are the intended recipient (or authorized to
> > receive this message for the intended recipient), you may not use, copy,
> > disseminate or disclose to anyone the message or any information contained
> > in the message. If you have received the message in error, please advise
> > the sender by reply e-mail, and delete the message. Thank you very much. 
> > 
> > 
> > 
> > 
> This message contains information which may be confidential and privileged.
> Unless you are the intended recipient (or authorized to receive this message
> for the intended recipient), you may not use, copy, disseminate or disclose
> to anyone the message or any information contained in the message. If you
> have received the message in error, please advise the sender by reply
> e-mail, and delete the message. Thank you very much. 
> 
>

Follow-Ups:
- openldap 2.0.x generic ssl certificate
  - From: Andrew Thomson <ajthomson@optushome.com.au>

References:
- RE: userpassword encryption
  - From: "Doisneau, Olivier" <ODoisneau@interpublic.com>

Prev by Date: Re: Using ldapdelete to delete a user from a group
Next by Date: Re: schema
Index(es):
- Chronological
- Thread