[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: userPassword compare fix

Oni (Paolo Meschi) wrote:

Thanks for the clarification.

I understood that this behaviour will violate the specifications,
however this should be useful to some people. So the possibility to
compare the userPassword hashed value with a cleartext value, for the
standards sake, should be implemented in an (optional) overlay.


Ideally the applications that use compare to verify user credentials should
be fixed (use bind instead). My personal opinion is that nothing should be
done to encourage the survival of such broken applications in the wild.