[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authenticating with blank passwords

Emmanuel Dreyfus wrote:
Max Williams <max.williams@paradise.net.nz> wrote:

Does anyone know a work around or some way of allowing clients to authenticate
with blank passwords?

Write a shell backend that only do the authentication?

That won't work; Binds with empty password are processed by the frontend.

You'll just have to hack the existing code in bind.c to allow what you want. From a security perspective, what you want is an extremely bad idea. I don't think you'll convince anybody to make it a standard feature.

 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/