[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP as a SASL backend

On Monday 05 November 2007 13:20:04 Zohar Lev Shani wrote:
> I understand now why I cannot put hashed userPassword when I use SASL. But,
> does it mean that the ONLY place where I can use hashed passwords for
> authentication is the rootpw directive in slapd.conf, or, there are more
> sensible use cases where it can be used?

Uh, well, if you want to use SASL mechanisms that require a shared secret, 
obviously: no. If you want to use simple binds, then you can use a hashed 
userPassword. If you want to use other SASL mechanisms that support encrypted 
keys, mutual 3rd-party authentication - then you're not going to use 
userPassword at all ...