[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ppolicy + slapcat = ldif vulnerability?

To: "Clowser, Jeff (Contractor)" <jeff_clowser@fanniemae.com>
Subject: RE: ppolicy + slapcat = ldif vulnerability?
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Tue, 4 Dec 2007 16:28:30 +0100
Cc: Scott Classen <SClassen@lbl.gov>, openldap-software@openldap.org
In-reply-to: <C65F80C878CCF24A9BC19646DE2DCA62C34DCF@EXVG.fanniemae.com>
References: <f5fe535c34bd.47541303@lbl.gov> <C65F80C878CCF24A9BC19646DE2DCA62C34DCF@EXVG.fanniemae.com>

Clowser, Jeff (Contractor) writes:
> My biggest question would be why these 2 attributes are treated
> differently - i.e. are userpassword and pwdhistory different types or
> something to trigger different behaviour, or does slapcat just
> hardcode userpassword as an attribute to base64 hash, etc?

slapcat and ldapsearch (via liblutil/ldif.c) hardcode that userPassword
is base64-encoded.  So are '<attribute>;binary', attribute values which
contain 8-bit characters, and some other special cases.

-- 
Regards,
Hallvard

References:
- ppolicy + slapcat = ldif vulnerability?
  - From: Scott Classen <SClassen@lbl.gov>
- RE: ppolicy + slapcat = ldif vulnerability?
  - From: "Clowser, Jeff (Contractor)" <jeff_clowser@fanniemae.com>

Prev by Date: RE: ppolicy + slapcat = ldif vulnerability?
Next by Date: Problem with K5KEY implementation
Index(es):
- Chronological
- Thread