[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Forgotten password recovery

To: Brett Maxfield <brett.maxfield@gmail.com>
Subject: Re: Forgotten password recovery
From: Michael Ströder <michael@stroeder.com>
Date: Thu, 05 Feb 2009 12:37:20 +0100
Cc: openldap-technical@openldap.org
In-reply-to: <4989f00e.1c078e0a.550a.1716@mx.google.com>
References: <4989f00e.1c078e0a.550a.1716@mx.google.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.19) Gecko/20081204 SeaMonkey/1.1.14

Brett Maxfield wrote:
> Maybe generate a random challenge, store it in ldap as an additional
> hashed password value maybe with a special {challenge} hash type as a
> marker, assuming ldap will try *all* passwords when logging in.

Implementing this with multi-valued userPassword will raise some issues
when sorting out the temporary challenge-password later (either if it's
used or not used by the end user). I'd go for separate LDAP entries
where you can store additional expiration information.

Ciao, Michael.

Follow-Ups:
- Re: Forgotten password recovery
  - From: Vincent Panel <yohonet@gmail.com>

References:
- RE: Forgotten password recovery
  - From: Brett Maxfield <brett.maxfield@gmail.com>

Prev by Date: Re: [openldap] Newbie question: can the server (slapd) show incoming search queries?
Next by Date: Re: Forgotten password recovery
Index(es):
- Chronological
- Thread