[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Antwort: Re: When/why use slappasswd or any password digests [Virus checked]

At 01:40 AM 3/25/2004, Howard Chu wrote:
>>1) Is this part of the LDAP standard, or OpenLDAP specific?
>The general behavior was described in RFC2307,

I note that RFC 2307 is not a Standard Track document.
It is Experimental and known to conflict with the
Standard Track specification (namely RFC 2256).

>which also defined the
>{crypt}, {md5}, and {sha} schemes. The other schemes are not standardized. 

So, from a technical specification point of view, none of these
schemes are standardized.

Now one could say some schemes are "defacto" standards.  In this
case, I'd include {SSHA} in a list of such scheme.  I would not
list {CRYPT}, as even when it is supported, the version of
crypt(3) used differs wildly.

Beyond this though, servers which do support such schemes
do support them by different means.

So, overall, I consider this stuff all quite experimental and,
in the long term, a bad thing (as it conflicts with the Standard
Track handling of userPassword).