[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#8380) Feature request: make a plugin like smbk5pwd for the HA1 and HA1b hashes used in DIGEST and HMAC
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8380) Feature request: make a plugin like smbk5pwd for the HA1 and HA1b hashes used in DIGEST and HMAC
- From: hyc@symas.com
- Date: Sun, 06 Mar 2016 19:00:34 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
daniel@pocock.pro wrote:
> Full_Name: Daniel Pocock
> Version:
> OS: Debian
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (2001:1620:b22::2042)
>
>
> There are a few protocols that use a HA1[1] password hash, such as HTTP
> DIGEST[1], SIP DIGEST[2] and TURN[3] (which uses HMAC rather than DIGEST)
>
> Is there a standard LDAP attribute name for storing a HA1 value or
> should it be stored in a regular userPassword attribute as described in
> the manual[4]?
The ITS is not for usage questions. You already asked this and were answered
on the discussion mailing list.
http://www.openldap.org/lists/openldap-technical/201507/msg00073.html
There is nothing here that requires any OpenLDAP development activity. It's
all already handled by the SASL Digest mechanism, as I already noted in the
above email.
Closing this ITS.
> I came across smbk5pwd for keeping SMB password attributes in sync. Is
> there a similar facility for keeping HA1 passwords in sync when a user
> changes the password or how could a developer go about adding that,
> would the smbk5pwd source be a useful model?
>
> Discussed on the mailing list already[5]
>
> 1. http://tools.ietf.org/html/rfc2617#section-3
> 2. https://tools.ietf.org/html/rfc3261#cection-22.4
> 3. https://tools.ietf.org/html/rfc5389#section-15.4
> 4. http://www.openldap.org/doc/admin24/security.html#Password%20Storage
> 5. http://www.openldap.org/lists/openldap-technical/201507/msg00039.html
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/