[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: RFC2256: userPassword
Helmut Volpers wrote:
> > They aren't. It's a philisophical position that they
> > can be read, somehow. This is why we use one-way
> > hashes for passwords rather than storing cleartext.
>
> How do you replicate one-way hashed passwords to any other server ?
> Can you make a LDIF dump (for backup) and load the data to another
> server ?
Yes, yes.
> Is the question really how to store it in the server ? the question is
> how
> the password goes over the wire.
I'm not seeing the problem.
They go over-the-wire just like any
other attribute value. If the hashed
value is stored, then the hashed value
will be propagated over the wire to
other servers.