[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Hashed passwords in userpassword

To: "Michael Ströder" <michael.stroeder@inka.de>, <openldap-general@OpenLDAP.org>
Subject: Re: Hashed passwords in userpassword
From: "Mark Wilcox" <mark@mjwilcox.com>
Date: Sat, 25 Sep 1999 13:47:42 -0500

Client's shouldn't pre-encrypt the password because you don't know how the
LDAP server is going to encrypt those passwords.

Instead pass it the plaintext value to the server. Let the server encrypt it
how it sees fit.
If you want to protect the password during transmission over the network, do
it via secure channels such as SSL.

Anything else, and you could be asking for trouble.

Mark
-----Original Message-----
From: Michael Ströder <michael.stroeder@inka.de>
To: openldap-general@OpenLDAP.org <openldap-general@OpenLDAP.org>
Date: Saturday, September 25, 1999 1:28 PM
Subject: Hashed passwords in userpassword


>HI!
>
>Actually I'm integrating support for setting/modifying encrypted/hashed
>passwords in my WWW-LDAP-gateway.
>
>This works fine with using crypt, e.g.
>
>userpassword: {CRYPT}.5X.al91HG.WI
>
>But what's the scheme for using MD5 or SHA-1 hashed passwords? I saw
>some examples but forgot where.
>Is there already support for hashed passwords in OpenLDAP?
>
>Ciao, Michael.
>
>

Prev by Date: Hashed passwords in userpassword
Next by Date: Re: Hashed passwords in userpassword
Index(es):
- Chronological
- Thread