[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem when replication is configured with crypted password

To: Sven Pfeifer <sven.pfeifer@netexpress.de>
Subject: Re: Problem when replication is configured with crypted password
From: Aaron Richton <richton@nbcs.rutgers.edu>
Date: Fri, 24 Mar 2006 09:16:03 -0500 (EST)
Cc: OpenLDAP-software@OpenLDAP.org
In-reply-to: <45993.217.111.53.98.1143198054.squirrel@intern.netexpress.de>
References: <45993.217.111.53.98.1143198054.squirrel@intern.netexpress.de>

On Fri, 24 Mar 2006, Sven Pfeifer wrote:

> I have no problems in replication. So my question is: Can I use a crypted
> password-String in the credentials= or not?
> Any hints on how to fix it are welcome.

Not. You can fix it the way you indicated.

When you're setting "credentials=", you can think of it being "the same"
as entering in a password at a password prompt. One of the main points of
one-way crypted passwords (in theory; weak crypto being a notable
exception) is that they can't be entered at that prompt nor can they be
derived to be entered at that prompt. So your config example can't work in
theory and therefore can't work in practice.

The opposite applies for the directives that are *checked*. An example of
this in slapd.conf(5) is "rootpw" directive. These can be hashed if
desired.

Follow-Ups:
- Re: Problem when replication is configured with crypted password
  - From: "Pierangelo Masarati" <ando@sys-net.it>

References:
- Problem when replication is configured with crypted password
  - From: "Sven Pfeifer" <sven.pfeifer@netexpress.de>

Prev by Date: Re: libldap-2.2.so.7 - RHEL4 library problem
Next by Date: Re: Problem when replication is configured with crypted password
Index(es):
- Chronological
- Thread