[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem when replication is configured with crypted password

On Fri, 24 Mar 2006, Sven Pfeifer wrote:

> I have no problems in replication. So my question is: Can I use a crypted
> password-String in the credentials= or not?
> Any hints on how to fix it are welcome.

Not. You can fix it the way you indicated.

When you're setting "credentials=", you can think of it being "the same"
as entering in a password at a password prompt. One of the main points of
one-way crypted passwords (in theory; weak crypto being a notable
exception) is that they can't be entered at that prompt nor can they be
derived to be entered at that prompt. So your config example can't work in
theory and therefore can't work in practice.

The opposite applies for the directives that are *checked*. An example of
this in slapd.conf(5) is "rootpw" directive. These can be hashed if