[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Confused about md5 passwords


That was a good test.

If anybody runs a sniffer on your network, they would see the same thing.

Kerberos with Ldap might be a solution you might want to look into.



On Wed, Dec 12, 2001 at 11:15:45AM -0500, Harry Hoffman wrote:
> Hi All,
>   I'm a little confused and hopefully someone can help. I've added users into my ldap db with md5 passwords and authentication is working just fine. However when I use ngrep to watch the traffic between the application requesting autentication and the ldap db I see the password in clear text.
> Should this be happening? If so what purpose does moving to md5 present? Or is it just that should someone be able to grab the ldap passwords it will be more difficult to crack?
> Relavant info:
> Openldap 2.0.11
> nss_ldap 149-4
> Redhat 7.1
> All users are in ldap db and not in /etc/passwd or /etc/shadow.
> Thanks,
> Harry
> -------------------------------------------------
> This mail sent through IMP: http://horde.org/imp/