[Date Prev][Date Next]
Re: password exop and encrypted passwords
At 07:50 AM 6/21/2001, Steve Schultze wrote:
>I'd like to use the new password exop, but I'd also like to store my
>passwords encrypted. I'm using PADL's pam_ldap and when I change my
>passwords using the password exop, they are stored in plaintext.
password exop only stores hashed passwords. If what you get
is plaintext, then you're not using password exop.
>them to be stored encrypted.
>My question is this: where is the task of encrypting the new password?
>Should pam_ldap encrypt the new password before doing the exop (which I
>*think* would work, correct me if I'm wrong), or should the LDAP server
>encrypt it (which is how I understand iPlanet's server does it)?
Password exop allows the client to provide a clear text value to
which the servers stores as it pleases. The OpenLDAP server
pleases to use hashed passwords (RFC 2307 style).
- From: Jehan PROCACCIA <firstname.lastname@example.org>