
Re: (ITS#8380) Feature request: make a plugin like smbk5pwd for the HA1 and HA1b hashes used in DIGEST and HMAC

daniel@pocock.pro wrote:
> Full_Name: Daniel Pocock
> Version:
> OS: Debian
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (2001:1620:b22::2042)
> There are a few protocols that use a HA1[1] password hash, such as HTTP
> DIGEST[1], SIP DIGEST[2] and TURN[3] (which uses HMAC rather than DIGEST).
> Is there a standard LDAP attribute name for storing a HA1 value or
> should it be stored in a regular userPassword attribute as described in
> the manual[4]?

The ITS is not for usage questions. You already asked this and were answered 
on the discussion mailing list.


There is nothing here that requires any OpenLDAP development activity. It's 
all already handled by the SASL Digest mechanism, as I already noted in the 
above email.

Closing this ITS.

> I came across smbk5pwd for keeping SMB password attributes in sync.  Is
> there a similar facility for keeping HA1 passwords in sync when a user
> changes the password or how could a developer go about adding that,
> would the smbk5pwd source be a useful model?
> Discussed on the mailing list already[5]
> 1. http://tools.ietf.org/html/rfc2617#section-3
> 2. https://tools.ietf.org/html/rfc3261#cection-22.4
> 3. https://tools.ietf.org/html/rfc5389#section-15.4
> 4. http://www.openldap.org/doc/admin24/security.html#Password%20Storage
> 5. http://www.openldap.org/lists/openldap-technical/201507/msg00039.html

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/