Re: password-hash {CLEARTEXT} with slapd 2.3.7

[Tony Earnshaw <billy@billy.demon.nl>]

søn, 11.09.2005 kl. 13.01 skrev Adam Pordzik:

> Pierangelo Masarati wrote:
> > The code where the {CLEARTEXT} scheme is defined differs from that of 
> > other schemes because the berval that contains the scheme name 
> > intentionally has 0 length; I guess this was a hack to allow no scheme 
> 
> Do you mean liblutil/passwd.c ?
> 
> > and {CLEARTEXT} somehow appear as the same scheme, but it broke at some 
> > point.  I'm not sure if setting that length to the actual length of 
> > {CLEARTEXT} will break anything else, but it'll surely fix this issue.  
> > I'd leave this to someone else.
> 
> Sorry, I cannot locate the point, I don't know the sources good enough
> yet. Is there a blueprint, or map, helping me orient in the code?
> 
> If you agree this as a bug, I'll drop an ITS on that.
> 
> Tony, I dont understand what you want telling me: Omitting any password-hash
> defaults for me to SSHA. What is the way you use what?

I use {CLEARTEXT} as standard, since I use SASL MD5 auth. On my test rig
(only a few users, OL 2.3.7) I add a new user with ldapadd and his
(pete's) password is automatically coded in {CLEARTEXT}. Even though
I've had to comment out the line in slapd.conf for slapd to start at
all.

Why this is, I don't know.

> Samuel, what did you misconfigured? changes.txt mentions ITS#3846 in 2.3.5
> but there is to text on this ITS any more.

I should file an ITS, if I were you. It just doesn't affect this
particular rig.

--Tonni

-- 
mail: billy@billy.demon.nl
http://www.billy.demon.nl