[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Newbie question: setting userPassword field

At 12:54 PM 2/8/00 +1030, Dan wrote:
>Hmm, this may solve my prob...
>> No.  OpenLDAP 1.x recognized hashed values but will not generate them.
>> We have no plans to add any new features to OpenLDAP 1.2.
>When you say "recognized"

I mean that the slapd's bind implementation will recognize userPassword
values of the form "{scheme}hashedValue", apply the hash function
implied by the scheme to the asserted password and compare the result
to stored hashedValue as part of the authentication process.

For all other operations (compare,add,modify), userPassword is
treated as a user attribute type of caseExactString syntax.

>I understand the implications of this - plaintext
>passwords would then be transmitted over the net - but this does not concern
>me for the moment.

The implication is that applications must provide hashed values
for all non-bind operations.