[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8380) Feature request: make a plugin like smbk5pwd for the HA1 and HA1b hashes used in DIGEST and HMAC

daniel@pocock.pro wrote:
> Full_Name: Daniel Pocock
> Version:
> OS: Debian
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (2001:1620:b22::2042)
>
>
> There are a few protocols that use a HA1[1] password hash, such as HTTP
> DIGEST[1], SIP DIGEST[2] and TURN[3] (which uses HMAC rather than DIGEST)
>
> Is there a standard LDAP attribute name for storing a HA1 value or
> should it be stored in a regular userPassword attribute as described in
> the manual[4]?

The ITS is not for usage questions. You already asked this and were answered 
on the discussion mailing list.

http://www.openldap.org/lists/openldap-technical/201507/msg00073.html

There is nothing here that requires any OpenLDAP development activity. It's 
all already handled by the SASL Digest mechanism, as I already noted in the 
above email.

Closing this ITS.

> I came across smbk5pwd for keeping SMB password attributes in sync.  Is
> there a similar facility for keeping HA1 passwords in sync when a user
> changes the password or how could a developer go about adding that,
> would the smbk5pwd source be a useful model?
>
> Discussed on the mailing list already[5]
>
> 1. http://tools.ietf.org/html/rfc2617#section-3
> 2. https://tools.ietf.org/html/rfc3261#cection-22.4
> 3. https://tools.ietf.org/html/rfc5389#section-15.4
> 4. http://www.openldap.org/doc/admin24/security.html#Password%20Storage
> 5. http://www.openldap.org/lists/openldap-technical/201507/msg00039.html
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/