[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: authentification issue with clear text password

To: openldap-technical@openldap.org
Subject: Re: authentification issue with clear text password
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Thu, 16 Feb 2012 09:21:09 +0200
Cc: Szilard Gyorgy <szilard@gyorgy.net>
In-reply-to: <001201ccebe4$c888c860$599a5920$@gyorgy.net>
References: <001301ccebd6$4f7ecae0$ee7c60a0$@gyorgy.net> <4F3BA185.9030809@ayni.com> <001201ccebe4$c888c860$599a5920$@gyorgy.net>
User-agent: KMail/1.13.7 (Linux/2.6.38.8-desktop-9.mga; KDE/4.6.5; x86_64; ; )

On Wednesday, 15 February 2012 15:21:53 Szilard Gyorgy wrote:
> HI Suomi
> 
> Yes, but I need all this for my Cisco router

AFAIK, Cisco routers don't support LDAP authentication, but instead RADIUS 
(e.g. for VPN authentication), TACACS+ and Kerberos (e.g. administrative 
acces).

Maybe you can provide more information on the software that actually 
communicates with LDAP (such as your RADIUS server).

> where I can't do any pre
> encryption - the password is sent for compaction in clear text so I need to
> make that compare to return true if the password is correct.

An LDAP client that can't do a simple bind is a broken LDAP client. FreeRADIUS 
may by default do a compare, but it can be configured to bind instead.

> Can I setup ldap to store the password in different format ?

That would reduce your overall security.

Regards,
Buchan

References:
- authentification issue with clear text password
  - From: "Szilard Gyorgy" <szilard@gyorgy.net>
- Re: authentification issue with clear text password
  - From: anax <anax@ayni.com>
- RE: authentification issue with clear text password
  - From: "Szilard Gyorgy" <szilard@gyorgy.net>

Prev by Date: Re: password policy
Next by Date: Re: password policy
Index(es):
- Chronological
- Thread