[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: password exop and encrypted passwords


my understanding of LDAP is that it just _stores_ data. it shouldn't change the values in any form. may be that other implementations do something like "crypt" or whatever, (e.g. oracle-ldap (oid) does) but openldap doesn't.


Steve Schultze wrote:

I'd like to use the new password exop, but I'd also like to store my
passwords encrypted.  I'm using PADL's pam_ldap and when I change my
passwords using the password exop, they are stored in plaintext.  I'd like
them to be stored encrypted.

My question is this:  where is the task of encrypting the new password?
Should pam_ldap encrypt the new password before doing the exop (which I
*think* would work, correct me if I'm wrong), or should the LDAP server
encrypt it (which is how I understand iPlanet's server does it)?

Tiefnig Daniel

Seering 6, A-8141 Unterpremstätten

E-Mail: mailto:daniel.tiefnig@infonova.at
Web: http://www.infonova.at