[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: forcing password hash

To: Jim Boden <jboden508@yahoo.com>
Subject: Re: forcing password hash
From: Howard Chu <hyc@symas.com>
Date: Mon, 19 Dec 2005 14:19:02 -0800
Cc: OpenLDAP-software@OpenLDAP.org
In-reply-to: <6.2.1.2.0.20051219124449.02849510@mail.openldap.org>
References: <20051219195704.66920.qmail@web36315.mail.mud.yahoo.com> <6.2.1.2.0.20051219124449.02849510@mail.openldap.org>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051209 SeaMonkey/1.5a

Kurt D. Zeilenga wrote:

At 11:57 AM 12/19/2005, Jim Boden wrote:
Is there a way to force openldap to hash the userPassword entry if the client does not?
As distributed, no. slapd(8) preserves the value of userPassword precisely as presented.
But if the client does not use exop, is there anything we can do to force a hash?
One could, I guess, write an overlay to hash the value on
behalf of the client.

The ppolicy overlay has a config option to force hashing on Modifies and Adds. See slapo-ppolicy(5).

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/

References:
- forcing password hash
  - From: Jim Boden <jboden508@yahoo.com>
- Re: forcing password hash
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: problem building comp_match module
Next by Date: Re: BerkeleyDB42.patch
Index(es):
- Chronological
- Thread