
Reply: Re: When/why use slappasswd or any password digests [Virus checked]

"Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Sent by: owner-openldap-software@OpenLDAP.org

24.03.2004 20:17

        To:        Thomas Gagné <tgagne@wideopenwest.com>
        Cc:        openldap list <openldap-software@OpenLDAP.org>
        Subject:        Re: When/why use slappasswd or any password digests  [Virus checked]

>Note that use of digested password storage mechanisms is
>not standardized.  While there is some convergence between
>various vendors, there is also ample divergence.  Technically,
>userPassword is supposed to be the user's password, in clear text.

Somewhat related question: While userPassword may be "supposed" to hold clear text, in reality it usually holds some kind of a hash, and it can also be used to store "pointers" to external authentication methods (for instance {SASL}princ@REALM, and the obsolete {KERB}princ@REALM, point to Kerberos auth.). I presume that this behaviour is pretty unique to the userPassword field. Two questions:

1) Is this part of the LDAP standard, or OpenLDAP specific?
2) Is this behaviour somehow hard-coded in OpenLDAP, defined in schema files, or?

This is probably not very useful, but I'm curious if one could give the user two separate passwords, where both of these passwords would behave the way userPassword does.


T-Mobile Austria GmbH,
Information Technologies / Services
Knowledge Management & Process Automation

Dr. Denis Havlik,                             eMail: denis.havlik@t-mobile.at
Rennweg 12, Zi. 444                       Phone: +43-1-79-585/6237          
A-1030 Vienna                                  Fax: +43-1-795-85/6584
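
Added example, not part of the original message and not OpenLDAP's own code: how a verifier can branch on the `{SCHEME}` prefix of a userPassword value, as the message describes (clear text, digest, or a pointer such as `{SASL}princ@REALM`). The function names are illustrative, and the `{SSHA}` layout assumed here is base64 of a SHA-1 digest followed by its salt.

```python
import base64
import hashlib
import hmac
import os
import re

# Prefixes that point at an external authentication method; the message
# names {SASL} and the obsolete {KERB}.
PASS_THROUGH = {"SASL", "KERB"}
_PREFIX = re.compile(r"^\{([A-Za-z0-9_.-]+)\}(.*)$", re.S)


def classify(value):
    """Split a userPassword value into (kind, scheme, rest)."""
    m = _PREFIX.match(value)
    if m is None:
        return ("cleartext", None, value)
    scheme, rest = m.group(1).upper(), m.group(2)
    kind = "pass-through" if scheme in PASS_THROUGH else "digest"
    return (kind, scheme, rest)


def make_ssha(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify(stored, candidate):
    """Check candidate (bytes) against a stored userPassword value (str)."""
    kind, scheme, rest = classify(stored)
    if kind == "cleartext":
        return hmac.compare_digest(stored.encode(), candidate)
    if kind == "pass-through":
        # Nothing to compare locally: rest names the external identity.
        raise LookupError("delegated to external authentication: " + rest)
    if scheme == "SSHA":
        raw = base64.b64decode(rest)
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes
        computed = hashlib.sha1(candidate + salt).digest()
        return hmac.compare_digest(computed, digest)
    raise ValueError("unsupported scheme: " + scheme)
```
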