[Date Prev][Date Next] [Chronological] [Thread] [Top]

Confused about md5 passwords

Hi All,
  I'm a little confused and hopefully someone can help. I've added users into my ldap db with md5 passwords and authentication is working just fine. However when I use ngrep to watch the traffic between the application requesting autentication and the ldap db I see the password in clear text.
Should this be happening? If so what purpose does moving to md5 present? Or is it just that should someone be able to grab the ldap passwords it will be more difficult to crack?

Relavant info:
Openldap 2.0.11
nss_ldap 149-4
Redhat 7.1
All users are in ldap db and not in /etc/passwd or /etc/shadow.


This mail sent through IMP: http://horde.org/imp/