[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: How can I get OpenLDAP to hash passwords as crypt?

To: "Kervin L. Pierre" <kervin@blueprint-tech.com>, "David Wright" <ichbin@shadlen.org>
Subject: RE: How can I get OpenLDAP to hash passwords as crypt?
From: "Howard Chu" <hyc@highlandsun.com>
Date: Wed, 10 Jul 2002 22:09:14 -0700
Cc: <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <3D2CFF2E.3020700@blueprint-tech.com>

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Kervin L.
> Pierre

> I guess it's a habit from iPlanet, I assumed that's how it worked with
> OpenLDAP as well.
>
> Having ldap modifies to the userpassword attribute automatically hashed
> using the default hash mechanism if none is specified is a useful feature.
>
> That way, ldap client code that change passwords don't need to have the
> hash function at their disposable.  As it stands now every client that
> modifies userpasswords in the directory will need a compatible crypt()
> function call.  Plus with a single crypt function the results of the
> hash would be consistant.

That is what the modifyPassword ExOp is for. Having side-effects on the
standard Modify op goes against the protocol definition, and really goes
against the spirit of the protocol as well. Anyway, if you use the
modifyPassword
operation then your clients can remain crypt-independent.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

Follow-Ups:
- Re: How can I get OpenLDAP to hash passwords as crypt?
  - From: "Kervin L. Pierre" <kervin@blueprint-tech.com>

References:
- Re: How can I get OpenLDAP to hash passwords as crypt?
  - From: "Kervin L. Pierre" <kervin@blueprint-tech.com>

Prev by Date: Re: security issue
Next by Date: Re: User account policies
Index(es):
- Chronological
- Thread