
Re: userpassword encode/hash

At 09:32 AM 8/31/2004, John Wagner wrote:
>I've been wondering if you all could give me a brief on why OpenLDAP
>slapd doesn't automatically encode/hash userpasswords -

A short answer lies in the first sentence of Section 5.36
of RFC 2256, as well as the last sentence of Section 6.1 of
draft-ietf-ldapbis-models-xx.txt.  The long answer lies
in the archives (of this list, the software list, and
various LDAP/X.500 standardization lists).

>or at least have the option?

We've provided a plugin API which allows those who want to
violate the standards to do so. :-)

>I've written a few modifications to slapd, including a simple
>patch/modification to modify.c that will encode/hash the userpassword
>attribute when a mod is done.  It also checks to make sure that it
>isn't already encoded; if it is, it doesn't encode again.
>Any interest? 

Personally, no.  But I likely wouldn't object to inclusion
of a contribWare plugin which did such if it included an
appropriate README detailing how it violates the standards
and the issues that might cause for those choosing to deploy
the plugin.
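
The behaviour described in the quoted message (hash userPassword on modify unless it already looks hashed), as an added Python example; it is not the poster's modify.c patch or OpenLDAP code. The function names, the scheme allow-list and the sample values are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import os
import re

# Assumed allow-list of storage-scheme prefixes for this example; it is not
# read from any slapd configuration.
KNOWN_SCHEMES = {b"SSHA", b"SHA", b"SMD5", b"MD5", b"CRYPT"}
PREFIX = re.compile(rb"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)
SHA1_LEN = 20

def ssha(password, salt=None):
    """Return b'{SSHA}' + base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)

def looks_hashed(value):
    """Heuristic: does the value carry a known {SCHEME} prefix?"""
    m = PREFIX.match(value)
    if not m or m.group(1).upper() not in KNOWN_SCHEMES:
        return False
    if m.group(1).upper() == b"SSHA":
        # An {SSHA} value must decode to a SHA-1 digest plus a non-empty salt.
        try:
            raw = base64.b64decode(m.group(2), validate=True)
        except ValueError:
            return False
        return len(raw) > SHA1_LEN
    return True

def encode_on_modify(value):
    """Hash a userPassword value unless it already looks hashed."""
    return value if looks_hashed(value) else ssha(value)

def verify_ssha(password, stored):
    """Check a password against a stored {SSHA} value in constant time."""
    raw = base64.b64decode(stored[len(b"{SSHA}"):])
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)

if __name__ == "__main__":
    stored = encode_on_modify(b"secret")            # constructed sample values
    print(stored, verify_ssha(b"secret", stored))
    tricky = ssha(b"other", b"saltsalt")            # cleartext shaped like a hash
    print(encode_on_modify(tricky) == tricky, verify_ssha(tricky, tricky))
```

The last two lines show the ambiguity of guessing on the server side: a cleartext value that is shaped like a hash is stored unchanged, so the user who set it cannot authenticate with it.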