[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: password validation

To: "Kurt D. Zeilenga" <Kurt@openldap.org>
Subject: RE: password validation
From: "Douglas B. Jones" <douglas@gpc.edu>
Date: Mon, 20 Nov 2006 21:46:46 -0500
Cc: Douglas B Jones <douglas@gpc.edu>, openldap-software@openldap.org
Importance: Normal
In-reply-to: <7.0.1.0.0.20061120183651.0336f488@OpenLDAP.org>

Thanks you so much, I never knew this! Thanks for all the help!

-----Original Message-----
From: openldap-software-bounces+douglas=gpc.edu@openldap.org
[mailto:openldap-software-bounces+douglas=gpc.edu@openldap.org]On Behalf
Of Kurt D. Zeilenga
Sent: Monday, November 20, 2006 9:47 PM
To: Douglas B. Jones
Cc: douglas@gpc.edu; openldap-software@openldap.org
Subject: Re: password validation

At 08:36 AM 11/15/2006, Douglas B. Jones wrote:
>b) tries to validate against all three locations.

Your assumption that a crypt(3) password generated on one
system (or by one cyrpt(3) implementation) is verifiable by
another is not generally valid.  It is well known that crypt(3)
behavior (whether by design or by bug) is implementation dependent
and, hence, portability of crypt(3)'ed passwords limited.  This
is why use of {CRYPT} is generally discouraged and why {CRYPT}
support is disabled by default in slapd(8).

This is discussed in the FAQ.
  <http://www.openldap.org/faq/index.cgi?file=344>http://www.openldap.org/faq/index.cgi?file=344

Kurt

References:
- Re: password validation
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: password validation
Next by Date: 2.3 back-bdb, cachesize, idlcachesize, and real memory usage
Index(es):
- Chronological
- Thread