[Date Prev][Date Next]
Re: (ITS#7278) [PATCH] SHA-2: Add support salted SHA-2 password hashes
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7278) [PATCH] SHA-2: Add support salted SHA-2 password hashes
- From: firstname.lastname@example.org
- Date: Tue, 29 May 2012 18:02:50 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
--On Tuesday, May 29, 2012 5:49 PM +0000 email@example.com wrote:
> firstname.lastname@example.org wrote:
>> Why should X user ever need to run this tool to generate a value?
> From slappasswd(8):
> Slappasswd is used to generate an userPassword value suitable
> for use with ldapmodify(1), slapd.conf(5) rootpw configuration
> directive or the slapd-config(5) olcRootPW configuration directive.
> Do you want to restrict this text regarding ldapmodify(1) only for the
> cases that the slappasswd user has also write access to back-config?
The tool has allowed the ability to generate password values for years. It
is not uncommon to use it to do just that. I've often used it to generate
base-64 encoded SSHA values to push into LDIF I will be writing to the
server via ldapmodify. That should not require access to
Sr. Member of Technical Staff
A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration