[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd crypting userPassword attribute

Vishwanath wrote:
> But qmail requires in this format
> userPassword: {crypt}vi1Khw/oD2nzE

qmail-ldap should check the password by doing a bind request not via
direct compare of the userPassword attribute. For security reasons
the userPassword attribute should not even be readable!

If qmail-ldap really directly compares the userPassword attribute
hard-coded with scheme {crypt} then it's highly broken. But I doubt

Ciao, Michael.