[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: secure passwords

On 14/09/2011 16:54, Michael Ströder wrote:
Buchan Milne wrote:
IMHO, you shouldn't be hashing passwords on the client-side, it is much better
to let the DS hash the password

In some use-cases it is better to do client-side hashing. Especially if you
want to set more attributes together with attribute 'userPassword' in a single
modify request (which means single transaction).

I still prefer using Password Modification extended operation. I can use smbk5pwd to automatically update also all the other relevant informations (sambaPwdLastSet, sambaLMPassword, sambaNTPassword), having a much simpler code. It's unfortunate that the patch to update also shadowLastChange was not applied.

Simone Piccardi                                 Truelite Srl
piccardi@truelite.it (email/jabber)             Via Monferrato, 6
Tel. +39-347-1032433                            50142 Firenze
http://www.truelite.it  Tel. +39-055-7879597    Fax. +39-055-7333336