[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: password exop and encrypted passwords

At 07:50 AM 6/21/2001, Steve Schultze wrote:
>I'd like to use the new password exop, but I'd also like to store my
>passwords encrypted.  I'm using PADL's pam_ldap and when I change my
>passwords using the password exop, they are stored in plaintext.

password exop only stores hashed passwords.  If what you get
is plaintext, then you're not using password exop. 

>I'd like
>them to be stored encrypted.
>My question is this:  where is the task of encrypting the new password?
>Should pam_ldap encrypt the new password before doing the exop (which I
>*think* would work, correct me if I'm wrong), or should the LDAP server
>encrypt it (which is how I understand iPlanet's server does it)?

Password exop allows the client to provide a clear text value to
which the servers stores as it pleases.  The OpenLDAP server
pleases to use hashed passwords (RFC 2307 style).