
Re: userPassword encryption



Jonathan Clarke wrote:
> On 06/12/09 00:12, Alex Naranjo wrote:
>> Hi:
>> My problem is the following: I need to store the user password in an OpenLDAP
>> server, but the user password cannot be encrypted. I know that OpenLDAP
>> uses a hashing algorithm to store this attribute and that I can use clear
>> text, but I want to store the user password using a reversible algorithm, not
>> clear text.
>> The Active Directory accounts have an option (Store Password using
>> Reversible Encryption) that permits this. Is there any option like this
>> in an OpenLDAP server?
> 
> There is nothing built-in to OpenLDAP to do this automatically.
> 
> However, you can very easily use any attribute to store this, and store
> an encrypted value of the password in it, using whatever front-end you
> use to update passwords.

I think the original poster should tell us how the passwords are to be set and
used.

> Alternatively, you could write or adapt an overlay to do this
> automatically.

Yes. But the big question is which key to use and how this key is secured.

Ciao, Michael.