[Date Prev][Date Next]
Re: userpassword encode/hash
At 09:32 AM 8/31/2004, John Wagner wrote:
>I've been wonder if you all could give me a brief on why OpenLDAP
>slapd doesn't automatically encode/hash userpasswords -
A short answer lies in the first sentence of Section 5.36
of RFC 2256, as well as last sentence of Section 6.1 of
draft-ietf-ldapbis-models-xx.txt. The long answer lies
in the archives (of this list, the software list, and
various LDAP/X.500 standardization lists).
>or at least have the option?
We've provided a plugin API would allows those who want to
violate the standards to do so. :-)
>I've wrote a few modifcations the slapd including a simple
>patch/modification to modify.c that will encode/hash the userpassword
>attribute when a mod is done. It also checks to make sure that it
>isn't already encoded if it is it doesn't encode again.
Personally, no. But I likely wouldn't object to inclusion
of a contribWare plugin which did such if it included an
appropriate README detailing how it violates the standards
and the issues that might cause to those choosing to deploy