
Re: Storing 'userPassword' encrypted via server settings.



Hi,

On Thursday 30 October 2003 16:44, don@swbe.com wrote:
> I've been working towards setting up several HPUX servers to authenticate
> off of openldap.  So far I've got the appropriate schema added so that I
> can run through the ldapux setup without problems and hook nss and pam into
> ldap. Authentication works, but when changing my password via the HPUX
> passwd command it stores the password in clear text on the openldap server.
>  I found this note from 1999 and wondered if there has been any progress.
>
> http://www.openldap.org/lists/openldap-bugs/199910/msg00018.html
>
> Is it possible to change core.schema's attribute type for 'userPassword' to
> accomplish server based encryption?

I don't know anything about HP/UX but if you use pam_ldap from PADL
on your HPUX boxes you should be able to configure how passwords are
stored using the 'pam_password' config option in pam_ldap's config file
/etc/ldap.conf (note: this is different from OpenLDAP's client config file 
/etc/openldap/ldap.conf).
For some values of 'pam_password' a special value 'password-hash' in 
slapd's configuration file on the server /etc/openldap/slapd.conf might be 
necessary.

Peter

-- 
Peter Marschall
eMail: peter@adpm.de
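
One way to check which entries still hold a clear-text userPassword after changing these settings, as an added example that is not part of the original message: it reads an LDIF export of the directory (for instance from slapcat) and reports the storage scheme of each value. The function names and the sample entries are constructed for illustration.

```python
import base64
import re

ATTR_RE = re.compile(r"^([A-Za-z][A-Za-z0-9;.-]*)(::?) ?(.*)$")
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_.-]+)\}")

def classify(value):
    """Return the storage scheme of a userPassword value; no {SCHEME} prefix means clear text."""
    m = SCHEME_RE.match(value)
    return m.group(1).upper() if m else "CLEARTEXT"

def audit(ldif_text):
    """Return [(dn, scheme), ...] for every userPassword value in an LDIF export."""
    findings, dn = [], None
    # LDIF folds long lines: a newline followed by one space continues the previous line.
    for line in re.sub(r"\r?\n ", "", ldif_text).splitlines():
        m = ATTR_RE.match(line)
        if not m:
            continue  # blank entry separator or comment line
        name, sep, value = m.groups()
        if sep == "::":  # "::" marks a base64-encoded value
            value = base64.b64decode(value).decode("utf-8", "replace")
        if name.lower() == "dn":
            dn = value
        elif name.lower() == "userpassword":
            findings.append((dn, classify(value)))
    return findings

def cleartext_dns(ldif_text):
    """DNs whose password is stored without a hash scheme."""
    return [dn for dn, scheme in audit(ldif_text) if scheme == "CLEARTEXT"]

def _b64(s):
    return base64.b64encode(s.encode()).decode()

# Constructed sample export (made-up entries and passwords), not data from the thread.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,dc=example,dc=com", "userPassword:: " + _b64("{SSHA}" + "A" * 40), "",
    "dn: uid=bob,dc=example,dc=com", "userPassword:: " + _b64("Summer2003!"), "",
    "dn: uid=carol,dc=example,dc=com", "userPassword: {CLEARTEXT}chang", " eme",
])

if __name__ == "__main__":
    for dn, scheme in audit(SAMPLE_LDIF):
        print(f"{scheme:10} {dn}")
```
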