[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: userPassword: {UNIX}uid [was: Authentication with UNIX username/password (ITS#212)]

"Kurt D. Zeilenga" <Kurt@OpenLDAP.org> writes:

> I've committed changes based upon ST's submission...
> Given entries:
> 	dn: cn=user,dc=foo
> 	objectclass: person
> 	cn: user
> 	userPassword: {UNIX}uid

I don't know...  A user that can change this to point to some other
uid can then use slapd to crack that other uid password.

With little trace in system's security logs...

A little bit scary.  Some daemons used to allow this and have always
been problematic.