Re: Passwords n stuff
Since you are using Linux, I assume you are using pam-ldap. If you set
    access to attr=userPassword
        by anonymous auth
in slapd.conf, and configure pam-ldap to bind anonymously, then instead
of trying to read the userPassword attribute and compare to a locally
computed hash, pam_ldap will just try to bind by sending a password.
Since OpenLDAP does the hashing, your clients don't need to know
anything about what hash to use.
Typically, you would then use SSL or TLS to mitigate the dangers
associated with cleartext passwords, but if you are using cleartext
passwords with pGINA anyway, this is a moot point.
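
The setup described in this message, written out as an added example (it is not part of the original post). The host name, base DN and certificate paths are placeholders; the `security`, TLS and `pam_password exop` lines are additions that cover the SSL/TLS point rather than something the post spells out.

```conf
##### Server side: slapd.conf #####

# The hash scheme is chosen here only; clients never see or compute it.
password-hash {SSHA}

# Server certificate so clients can use StartTLS (placeholder paths).
TLSCACertificateFile   /etc/ssl/certs/ca.pem
TLSCertificateFile     /etc/ssl/certs/slapd.pem
TLSCertificateKeyFile  /etc/ssl/private/slapd.key

# Refuse simple (password) binds unless the connection is protected,
# so a cleartext password is never accepted over an unencrypted link.
security simple_bind=128

# The ACL from the post: anonymous may authenticate against
# userPassword (bind) but cannot read the stored hash.
# Newer OpenLDAP releases spell the selector "attrs=".
access to attr=userPassword
    by self write
    by anonymous auth
    by * none

# Everything else stays readable so pam_ldap can find the user's DN.
access to *
    by * read

##### Client side: pam_ldap's ldap.conf #####

uri  ldap://ldap.example.com/
base dc=example,dc=com

# No binddn/bindpw: the search is anonymous, then pam_ldap binds
# as the user's DN with the typed password and lets slapd verify it.

# Encrypt the session before the password is sent, and verify the server.
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/ca.pem

# Password changes go through the password-modify extended operation,
# so slapd (not the client) applies the hash on change as well.
pam_password exop
```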