Re: Storing 'userPassword' encrypted via server settings.
On Thursday 30 October 2003 16:44, firstname.lastname@example.org wrote:
> I've been working towards setting up several HPUX servers to authenticate
> off of openldap. So far I've got the appropriate schema added so that I
> can run through the ldapux setup without problems and hook nss and pam into
> ldap. Authentication works, but when changing my password via the HPUX
> passwd command it stores the password in clear text on the openldap server.
> I found this note from 1999 and wondered if there has been any progress.
> Is it possible to change core.schema's attribute type for 'userPassword' to
> accomplish server based encryption?
I don't know anything about HP/UX but if you use pam_ldap from PADL
on your HPUX boxes you should be able to configure how passwords are
stored using the 'pam_password' config option in pam_ldap's config file
/etc/ldap.conf (note: this is different from OpenLDAP's client config file
For some values of 'pam_password' a special value 'password-hash' in
slapd's configuration file on the server /etc/openldap/slapd.conf might be
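
A way to check what actually ends up in 'userPassword' after a password change, as an added example that is not part of the original message: the script reads an LDIF export and reports the storage scheme of each value. The DNs and password values are constructed, the function names are hypothetical, and the scheme list is the set of standard OpenLDAP prefixes. Base64 in LDIF ("userPassword::") is only a transport encoding, so the value is decoded before it is judged.

```python
import base64
import re

# Hash scheme prefixes slapd puts in front of a hashed userPassword value.
HASH_SCHEMES = {"SSHA", "SHA", "SMD5", "MD5", "CRYPT"}
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}")

def classify(value: bytes) -> str:
    """Return the hash scheme of a stored value, or 'CLEARTEXT'."""
    m = SCHEME_RE.match(value.decode("utf-8", "replace"))
    if m is None or m.group(1).upper() == "CLEARTEXT":
        return "CLEARTEXT"              # no prefix, or explicit {CLEARTEXT}
    scheme = m.group(1).upper()
    return scheme if scheme in HASH_SCHEMES else "UNKNOWN:" + scheme

def audit(ldif: str):
    """Return [(dn, scheme)] for every userPassword value in an LDIF export."""
    lines = []
    for raw in ldif.splitlines():       # unfold: a leading space continues a line
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    findings, dn = [], None
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, rest = line.partition(":")
        # "attr:: data" is base64, "attr: data" is the literal value
        value = (base64.b64decode(rest[1:].strip()) if rest.startswith(":")
                 else rest.strip().encode())
        if attr.lower() == "dn":
            dn = value.decode("utf-8", "replace")
        elif attr.lower() == "userpassword":
            findings.append((dn, classify(value)))
    return findings

def _b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()

# Constructed sample export: one hashed, one cleartext, one crypt entry.
_ssha = _b64("{SSHA}Y29uc3RydWN0ZWQtc2FtcGxlLWRpZ2VzdA==")
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=People,dc=example,dc=com",
    "userPassword:: " + _ssha[:24],
    " " + _ssha[24:],                   # folded continuation line
    "",
    "dn: uid=bob,ou=People,dc=example,dc=com",
    "userPassword:: " + _b64("Summer2003!"),
    "",
    "dn: uid=carol,ou=People,dc=example,dc=com",
    "userPassword: {crypt}aaConstructed1",
])
```

Any entry reported as CLEARTEXT was written by a client that sent the password unhashed to a server that stored it as received.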