Re: Passwords n stuff
Since you are using Linux, I assume you are using pam-ldap. If you set
    access to attr=userPassword
        by anonymous auth
in slapd.conf, and configure pam-ldap to bind anonymously, then
instead of trying to read the userPassword attribute and compare to a
locally computed hash, pam_ldap will just try to bind by sending a
password. Since OpenLDAP does the hashing, your clients don't need to
know anything about what hash to use.
Typically, you would then use SSL or TLS to mitigate the dangers
associated with cleartext passwords, but if you are using cleartext
passwords with pGINA anyway, this is a moot point.
Thanks, that is probably what I was looking for. :-)
Umm... wait... How is this a moot point?
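
The bind-based check described in this thread, as an added example that is not part of the original messages and is not OpenLDAP or pam_ldap code: the client only submits a DN and a password, and the server picks the hash scheme from the prefix of the stored userPassword value. The DNs, passwords and function names are constructed for illustration, and only the {SSHA} and {SHA} schemes are handled.

```python
import base64
import hashlib
import hmac
import os

def make_hash(password, salted=True):
    """Return a {SSHA} (salted) or {SHA} userPassword value."""
    salt = os.urandom(8) if salted else b""
    digest = hashlib.sha1(password.encode() + salt).digest()
    prefix = "{SSHA}" if salted else "{SHA}"
    return prefix + base64.b64encode(digest + salt).decode()

def verify(stored, password):
    """Server side: check a submitted password against a stored value."""
    scheme, sep, b64 = stored[1:].partition("}")
    if not stored.startswith("{") or not sep:
        return False  # this sketch refuses values without a scheme prefix
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return False
    scheme = scheme.upper()
    if scheme == "SSHA" and len(raw) > 20:
        digest, salt = raw[:20], raw[20:]   # SHA-1 digest, then the salt
    elif scheme == "SHA" and len(raw) == 20:
        digest, salt = raw, b""
    else:
        return False
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

# Constructed directory: two entries stored under different schemes.
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=com": make_hash("correct horse"),
    "uid=bob,ou=people,dc=example,dc=com": make_hash("hunter2", salted=False),
}

def simple_bind(dn, password):
    """What the client sees: success or failure, never the hash or scheme."""
    stored = DIRECTORY.get(dn)
    if stored is None or not password:
        return False  # an empty password must never count as a login
    return verify(stored, password)
```

The password reaches the server in the clear inside the bind request, which is why the thread pairs this setup with SSL or TLS.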