[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Antwort: Re: When/why use slappasswd or any password digests [Virus checked]

To: "Howard Chu" <hyc@highlandsun.com>
Subject: RE: Antwort: Re: When/why use slappasswd or any password digests [Virus checked]
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 25 Mar 2004 07:41:50 -0800
Cc: <denis.havlik@t-mobile.at>, <openldap-software@OpenLDAP.org>
In-reply-to: <00cc01c4124d$4b537940$0e01a8c0@CELLO>
References: <OF170C903A.17E8D599-ONC1256E62.002EB5A4-C1256E62.002FFC93@t-mobile.at> <00cc01c4124d$4b537940$0e01a8c0@CELLO>

At 01:40 AM 3/25/2004, Howard Chu wrote:
>>1) Is this part of the LDAP standard, or OpenLDAP specific?
>The general behavior was described in RFC2307,

I note that RFC 2307 is not a Standard Track document.
It is Experimental and known to conflict with the
Standard Track specification (namely RFC 2256).

>which also defined the
>{crypt}, {md5}, and {sha} schemes. The other schemes are not standardized. 

So, from a technical specification point of view, none of these
schemes are standardized.

Now one could say some schemes are "defacto" standards.  In this
case, I'd include {SSHA} in a list of such scheme.  I would not
list {CRYPT}, as even when it is supported, the version of
crypt(3) used differs wildly.

Beyond this though, servers which do support such schemes
do support them by different means.

So, overall, I consider this stuff all quite experimental and,
in the long term, a bad thing (as it conflicts with the Standard
Track handling of userPassword).

Kurt

References:
- Antwort: Re: When/why use slappasswd or any password digests [Virus checked]
  - From: denis.havlik@t-mobile.at
- RE: Antwort: Re: When/why use slappasswd or any password digests [Virus checked]
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: Re: Is there an "official" Mozilla schema for OpenLDAP
Next by Date: Re: Is there an "official" Mozilla schema for OpenLDAP
Index(es):
- Chronological
- Thread