Re: Why ldap sasl digest-md5 only works for clear password?

Michael Bartosh wrote:
Digest-MD5 is a shared secret mechanism.

Unless I'm mistaken, the server-side data will always have to be stored
either in the clear or encrypted with a key the server knows about.

On Tue, 29 Apr 2003, Ming Deng wrote:

Rpm version: openldap 2.1.16

I want to authenticate users against the LDAP server with the Digest-MD5 SASL
mechanism. If I store the user password in clear text format in the userPassword
attribute of the LDAP directory, it works fine. But if I store the password
in any hashed format, e.g. MD5, SHA, it will fail with:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
       additional info: SASL(-13): authentication failure: client response doesn't match what we generated

I assume "the server" you talked about is slapd, since I don't even have to run saslauthd for those authentication actions. How can I make slapd know the key you mentioned?
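
Added example, not part of the original message and not OpenLDAP or Cyrus SASL code: the RFC 2831 response computation, showing that a verifier must hold the cleartext password (or H(username:realm:passwd)) and cannot reproduce the client's response from a {MD5} value. The user, realm, nonces, digest-uri and the `server_expects` helper are constructed for illustration.

```python
import base64
import hashlib


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def secret_hash(user: str, realm: str, password: str) -> bytes:
    # H(username:realm:passwd): the only password-derived input (RFC 2831).
    return md5(f"{user}:{realm}:{password}".encode())


def response(secret: bytes, nonce: str, cnonce: str, nc: str,
             digest_uri: str, qop: str = "auth") -> str:
    # response-value for qop=auth with no authzid.
    a1 = secret + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    kd = f"{md5(a1).hex()}:{nonce}:{nc}:{cnonce}:{qop}:{md5(a2).hex()}"
    return md5(kd.encode()).hex()


def md5_scheme(password: str) -> str:
    # userPassword value in the {MD5} scheme: base64 of MD5(password).
    return "{MD5}" + base64.b64encode(md5(password.encode())).decode()


def compare() -> dict:
    # Constructed sample values, not taken from the thread.
    user, realm, password = "ming", "example.com", "s3cret"
    ch = dict(nonce="c2FtcGxlLW5vbmNl", cnonce="c2FtcGxlLWNub25jZQ",
              nc="00000001", digest_uri="ldap/ldap.example.com")
    client = response(secret_hash(user, realm, password), **ch)

    def server_expects(stored: str) -> str:
        # Hypothetical verifier: uses the stored attribute value as passwd.
        return response(secret_hash(user, realm, stored), **ch)

    # A server provisioned with H(user:realm:passwd) instead of the password
    # also verifies, but that value is password-equivalent for this realm.
    provisioned = secret_hash(user, realm, password)
    return {
        "cleartext": server_expects(password) == client,
        "{MD5}": server_expects(md5_scheme(password)) == client,
        "stored H(user:realm:passwd)": response(provisioned, **ch) == client,
    }


if __name__ == "__main__":
    print(compare())
```

MD5(password) and MD5(user:realm:password) are unrelated digests, so a one-way hash of the password alone gives the server nothing it can feed into the response calculation.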