Re: Password hash in openldap

On Monday 27 October 2008 07:02:34, Paul Lee wrote:
> Dear all,
> Last time I changed the slapd.conf to restrict anonymous user to see the
> userPassword attribute from 3rd party LDAP browser.  However, our client
> still wants to encrypt/hash the password stored in LDAP because he says
> that he can use other users auth to the LDAP and then can see other
> users' password (e.g. he can see his boss's password).
> Since we have the admin portal to change the user password as well,
> seems it can't restrict userpassword attribute by self read/write.
> Also, we will use the password policy and restrict users to re-use the
> last 12 passwords.
> So, my question is that is it possible to hash the password stored in
> openldap, also, the password stored in the password history is also
> hashed so that even other users can't see the password of others.

man slapo_ppolicy(5)
ppolicy_hash_cleartext, but read the comment in the manual page.

Dieter Klünter | Systemberatung
sip: +49.180.1555.7770535
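
A slapd.conf sketch of the setup the reply points to, added here as an example and not part of the original thread: the ppolicy overlay hashing cleartext writes, an ACL that keeps userPassword and its history unreadable, and the policy entry holding the 12-password history. The suffix dc=example,dc=com, the policy DN and the portal admin DN are assumed placeholders.

```conf
# Added example; every DN below is a placeholder (assumption), not from the thread.
# ppolicy.schema must be included earlier in this file.
moduleload ppolicy.la          # only when the overlay is built as a module

# Scheme slapd uses when it hashes a password itself (Password Modify
# extended operation, or ppolicy_hash_cleartext below).
password-hash {SSHA}

# ... existing "database" and "suffix" directives for dc=example,dc=com ...

# pwdHistory keeps copies of earlier userPassword values, so it gets the
# same protection. "=w" grants write only: the portal and the owner can
# set a password but nobody can read, search or compare the stored value.
access to attrs=userPassword,pwdHistory
    by dn.exact="cn=portal-admin,dc=example,dc=com" =w
    by self =w
    by anonymous auth
    by * none

overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=example,dc=com"
# Hash cleartext userPassword values that arrive in plain Add/Modify
# requests (for clients that do not use the Password Modify operation).
# slapo-ppolicy(5) notes this departs from the LDAP information model and
# recommends denying compare, search and read access, as the ACL above does.
ppolicy_hash_cleartext

# Policy entry to load with ldapadd (LDIF, shown as comments):
#   dn: cn=default,ou=policies,dc=example,dc=com
#   objectClass: device
#   objectClass: pwdPolicy
#   cn: default
#   pwdAttribute: userPassword
#   pwdInHistory: 12
```

Passwords already stored in cleartext are not rewritten by this change; they are hashed the next time each one is set.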