[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem when replication is configured with crypted password

> On Fri, 24 Mar 2006, Sven Pfeifer wrote:
>> I have no problems in replication. So my question is: Can I use a
>> crypted
>> password-String in the credentials= or not?
>> Any hints on how to fix it are welcome.
> Not. You can fix it the way you indicated.
> When you're setting "credentials=", you can think of it being "the same"
> as entering in a password at a password prompt. One of the main points of
> one-way crypted passwords (in theory; weak crypto being a notable
> exception) is that they can't be entered at that prompt nor can they be
> derived to be entered at that prompt. So your config example can't work in
> theory and therefore can't work in practice.
> The opposite applies for the directives that are *checked*. An example of
> this in slapd.conf(5) is "rootpw" directive. These can be hashed if
> desired.

I think we should add a check: if the "credentials" field starts with a
known hashing, a warning should be issued; if it starts with "{" and
contains "}" a different warning should be used.


Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it