[Date Prev][Date Next] [Chronological] [Thread] [Top]

PHP authentication with encrypted password

To: openldap-software@OpenLDAP.org
Subject: PHP authentication with encrypted password
From: Hardi Gunawan <hardigunawan@yahoo.com>
Date: Tue, 15 Jul 2003 23:56:36 -0700 (PDT)

Hi list,

I needed help in programming PHP authenticating to
OpenLDAP server.

Currently, I'm passing the cleartext password to
ldap_bind() and it works ok.  However, since I'm going
to use session, I don't want to keep the password in
the session as cleartext in order for PHP to
authenticate again to OpenLDAP.

I was thinking of hashing the password with md5 before
saving it in the session.  However, ldap_bind() does
not accept encrypted password (I think because the
ldap API will hash the cleartext password and compare
it with the one in the LDAP database).

Reading the mailing list archive, seems that this
method is not possible.  Has anyone find a way to
circumvent this?

Thank you.

__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com

Follow-Ups:
- Re: PHP authentication with encrypted password
  - From: Edward Rudd <eddie@omegaware.com>
- Re: PHP authentication with encrypted password
  - From: "Paul Wilson" <elviscious@rmci.net>

Prev by Date: Newbie
Next by Date: Writing to slave
Index(es):
- Chronological
- Thread