[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: restrictions based off hash mechanisms (was: ITS#3446)

> a) add a "hash" style to the "attr=<attr> val=<val>" access control
> target.
> b) at ACL parsing require this style for using the "val" target with the
> "userPassword" attribute (or for whatever attribute checked by bind).
> c) pass the values of the userPassword attribute in calls to
> access_allowed() from each backend's bind.
> the above should ensure that an ACL that makes use of the "val" for
> userPassword is strictly using the "hash" style.
> d) the "hash" style must make use only of the hash portion of the
> password, i.e. "(^{[^}]+})" in regex(7) style.

I have a patch for this, which I'll attach to the original ITS.


Pierangelo Masarati

    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497