[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Passwords n stuff

To: OpenLdap-Software <OpenLdap-Software@OpenLDAP.org>
Subject: Re: Passwords n stuff
From: Jim C <jcllings@tsunamicomm.net>
Date: Wed, 14 Aug 2002 05:38:27 -0700
References: <3D5988DF.1080307@uleth.ca> <200208140855.29961.hardigunawan@inbox.lv> <3D59BC66.5060506@uleth.ca> <200208141058.34579.hardigunawan@inbox.lv> <3D59E12B.5020206@tsunamicomm.net> <3D59F0AE.1060005@shadlen.org>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.8) Gecko/20020204

Since you are using Linux, I assume you are using pam-ldap. If you set access to attr=userPassword by anonymous auth in slapd.conf, and configure pam-ldap to bind anonymously, then instead of trying to read the userPassword attribute and compare to a locally computed hash, pam_ldap will just try to bind by sending a password. Since OpenLDAP does the hashing, your clients don't need to know anything about what hash to use.

Typically, you would then use SSL or TLS to mitigate the dangers associated with cleartext password, but if you are using cleartext password with pGINA anyway, this is a moot point.

Thanks, that is probably what I was looking for. :-) Umm... wait... How is this a moot point?

References:
- Uid/Gid Question
  - From: Aly Dharshi <aly.dharshi@uleth.ca>
- Re: Uid/Gid Question
  - From: Aly Dharshi <aly.dharshi@uleth.ca>
- Re: Uid/Gid Question
  - From: Hardi Gunawan <hardigunawan@inbox.lv>
- Passwords n stuff
  - From: Jim C <jcllings@tsunamicomm.net>
- Re: Passwords n stuff
  - From: David Wright <ichbin@shadlen.org>

Prev by Date: Re[2]: LDAP & MYSQL is it possible?
Next by Date: indexing question
Index(es):
- Chronological
- Thread