[Date Prev][Date Next]
Re: PHP authentication with encrypted password
A trick that I used to use when authenticating users to a mysql database
They login to the webpage via their password: password
This is then run through the php md5 function and store that as a session
The session password would be: 5f4dcc3b5aa765d61d8327deb882cf99
In ldap you store that mess however you'd like. Using the ldap md5
password method would probably be nice enough.
This has a couple of benefits, but is really only, imho, a psuedo-security
method. Better than logging in cleartext all the time though.
> Hi list,
> I needed help in programming PHP authenticating to
> OpenLDAP server.
> Currently, I'm passing the cleartext password to
> ldap_bind() and it works ok. However, since I'm going
> to use session, I don't want to keep the password in
> the session as cleartext in order for PHP to
> authenticate again to OpenLDAP.
> I was thinking of hashing the password with md5 before
> saving it in the session. However, ldap_bind() does
> not accept encrypted password (I think because the
> ldap API will hash the cleartext password and compare
> it with the one in the LDAP database).
> Reading the mailing list archive, seems that this
> method is not possible. Has anyone find a way to
> circumvent this?
> Thank you.
> Do you Yahoo!?
> SBC Yahoo! DSL - Now only $29.95 per month!