[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Why ldap sasl digest-md5 only works for clear password?

To: Ming Deng <mingd@oeone.com>
Subject: Re: Why ldap sasl digest-md5 only works for clear password?
From: Michael Bartosh <mbartosh@4am-media.com>
Date: Tue, 29 Apr 2003 12:16:22 -0600 (MDT)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <3EAEBE31.6020800@oeone.com>
References: <3EAEBE31.6020800@oeone.com>

Digest-MD5 is a shared secret mechanism.

Unless I'm mistaken, the server-side data will always have to be stored
either in the clear or encrypted with a key the server knows about.

On Tue, 29 Apr 2003, Ming Deng wrote:

> Rpm version: openldap 2.1.16
>
> I want to authenticate users again ldap server with Digest-MD5 SASL
> mechanism. If I store user password in clear text format in userPassword
> attribute of ldap directory, it works fine. But if I store the password
> in any hashed format. e.g. MD5, SHA, it will fail with:
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>        additional info: SASL(-13): authentication failure: client
> response doesn't match what we generated
>
> Thanks,
>
> Ming
>
>

Follow-Ups:
- Re: Why ldap sasl digest-md5 only works for clear password?
  - From: Ming Deng <mingd@oeone.com>

References:
- Why ldap sasl digest-md5 only works for clear password?
  - From: Ming Deng <mingd@oeone.com>

Prev by Date: help with groups?
Next by Date: children.entry does not work anymore in ACL after 2.1.16
Index(es):
- Chronological
- Thread