[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Using different clients to change password result in different stored password's form

At 12:30 AM 12/8/2006, kadafax wrote:
>Hi list,
>as I don't know if this behavior comes from my slapd itself, I'm not
>giving too much details on it. Here is what's happening:
>in slapd.conf I have: 'password-hash {SSHA}' so I'm expecting that each
>password attribute change results in a new SSHA hashed password.

You need to adjust your expectation.  slapd.conf(5) says:
 This option configures one or more hashes to be used in generation of user
 passwords stored in the userPassword attribute during processing of
 LDAP Password Modify Extended Operations (RFC 3062).
 Note that this option does not alter the normal user applications
 handling of userPassword during LDAP Add, Modify, or other LDAP operations.

The behavior you see is most likely due to one client using the
LDAP Password Modify Extended Operation and one client using
LDAP Modify to change a userPassword.

- Kurt