[Date Prev][Date Next]
Re: Passwords n stuff
Since you are using Linux, I assume you are using pam-ldap. If you set
access to attr=userPassword
by anonymous auth
in slapd.conf, and configure pam-ldap to bind anonymously, then instead
of trying to read the userPassword attribute and compare to a locally
computed hash, pam_ldap will just try to bind by sending a password.
Since OpenLDAP does the hashing, your clients don't need to know
anything about what hash to use.
Typically, you would then use SSL or TLS to mitigate the dangers
associated with cleartext password, but if you are using cleartext
password with pGINA anyway, this is a moot point.