[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re[2]: userpassword formats

At 10:46 AM 10/13/00 +0800, Kalman KK Wan wrote:
>What hash function does OpenLDAP use to compute the hash of userPassword?

OpenLDAP recognizes a variety of userPassword schemes for
authentication purposes: including hash schemes (e.g: {SSHA}
and {crypt}) as well as schemes which use external secret
storage (e.g.: {UNIX} and {SASL}).   When ldappasswd(1) is
used (or the underlying protocol mechanism), the server generates
the scheme indicated by passwd-hash slapd.conf(5) directive
(defaults to {SSHA}).

>Is it a LDAP standard?

The proposed standard (RFC 2256) calls defines userPassword
as a user attribute which holds a clear text password(s).
All this {hash} stuff violates the technical specification.