[Date Prev][Date Next]
Re: OpenLDAP as a SASL backend
On Monday 05 November 2007 13:20:04 Zohar Lev Shani wrote:
> I understand now why I cannot put hashed userPassword when I use SASL. But,
> does it mean that the ONLY place where I can use hashed passwords for
> authentication is the rootpw directive in slapd.conf, or, there are more
> sensible use cases where it can be used?
Uh, well, if you want to use SASL mechanisms that require a shared secret,
obviously: no. If you want to use simple binds, then you can use a hashed
userPassword. If you want to use other SASL mechanisms that support encrypted
keys, mutual 3rd-party authentication - then you're not going to use
userPassword at all ...