
Re: Encrypted Passwords



On Fri, Nov 16, 2001 at 09:52:32AM -0500, Thomas Gagne wrote:

> It's nice of web servers to get users' logins and passwords, but I need to
> authenticate the password in my application (not through the server) to LDAP.
> Question is, if the web server is encrypting the password, (it looks like
> "{crypt}87dfhak//4s") how can I pass that string to openLDAP, or must I
> decrypt it first, or get it in the clear to begin with?

What do you mean the password looks like "{crypt}87dfhak//4s"?
Are you trying to transfer a set of passwords that look like 
"{crypt}87dfhak//4s" to an LDAP repository? 

Generally speaking:
 - LDAP should hold encrypted hashes of passwords
 - the Web server should not alter the data it gets from the client/browser
 - the application will need the cleartext client-supplied username and
   password values to authenticate against LDAP

If you've got the encrypted passwords in LDAP and LDAP queries verify that 
it looks good (please read the OpenLDAP admin guide if you have questions 
about "::" in LDIF output), then this is really a question for your Web 
server & application framework vendors, right?

-Peter
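
An added illustration, not part of the original message: why the application needs the cleartext password rather than the stored "{scheme}hash" string, and what the "::" in LDIF output means. It assumes OpenLDAP's {SSHA} scheme (base64 of SHA-1 digest plus salt); the function names, password, salt and LDIF line are constructed for the example. In a real deployment the application sends the cleartext in an LDAP bind and the server performs this comparison.

```python
import base64
import hashlib
import hmac

def make_ssha(password, salt):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def parse_ldif_userpassword(line):
    """'attr:: v' in LDIF means v is base64-encoded; 'attr: v' is literal."""
    attr, sep, rest = line.partition(":")
    if not sep or attr.strip().lower() != "userpassword":
        raise ValueError("not a userPassword line")
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode()
    return rest.strip()

def verify(cleartext, stored):
    """Check a client-supplied cleartext password against a {SCHEME}value."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("stored value has no {SCHEME} prefix")
    scheme, _, body = stored[1:].partition("}")
    scheme = scheme.upper()
    if scheme == "SSHA":
        raw = base64.b64decode(body)
        digest, salt = raw[:20], raw[20:]   # SHA-1 digest is 20 bytes
    elif scheme == "SHA":
        digest, salt = base64.b64decode(body), b""
    else:
        # {crypt} and others need their own hash routine; not covered here
        raise NotImplementedError("scheme not handled: " + scheme)
    calc = hashlib.sha1(cleartext.encode() + salt).digest()
    return hmac.compare_digest(calc, digest)

# Constructed sample data (password, salt and LDIF line are made up)
SAMPLE_STORED = make_ssha("s3cret-example", b"\x01\x02\x03\x04")
SAMPLE_LDIF = "userPassword:: " + base64.b64encode(SAMPLE_STORED.encode()).decode()

if __name__ == "__main__":
    stored = parse_ldif_userpassword(SAMPLE_LDIF)
    print(stored)
    print(verify("s3cret-example", stored))  # cleartext from the client
    print(verify(stored, stored))            # the hash string sent as the password
```
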