Re: (ITS#6139) slapd: password-hash rejects multiple values


At Mon, 25 May 2009 13:22:47 GMT,
michael@stroeder.com wrote:
> fumiyas@osstech.co.jp wrote:
> > My /etc/openldap/slapd.conf has the following line:
> >   password-hash {CRYPT} {SSHA}
> What exactly do you want to achieve by this?

I use 'password-hash {CLEARTEXT} {CRYPT}' in my slapd.conf
on OpenLDAP 2.3.43 to maintain the clear text password and
the crypt(3)-ed password. 

The {CLEARTEXT} password can be used for:

  1. Generating MD5 hash for Digest/CRAM-MD5 authentication.
  2. Notifying a user of the user's current password.
     (This is a rare case, I think.)
  3. Migrating users and their passwords to another system
     in the future.
  4. ... and so on.

The {CRYPT} password can be used for old NIS clients.

-- Name: SATOH Fumiyasu (fumiyas @ osstech co jp)
-- Business Home: http://www.OSSTech.co.jp/
-- Personal Home: http://www.SFO.jp/blog/