[Date Prev][Date Next] [Chronological] [Thread] [Top]

Double passwords in accounts


Based on the fact that the userPassword attribute is NOT single-valued in the schema definition, I was wondering whether there are cases where we could use a double-password approach or if doing that would just cause a mess.

For example, could we store both a clear-text password (to be used e.g. in DIGEST authentication) AND an encrypted (SSHA or MD5) one for standard use? If that could work, (I assume that) openldap would know which one to use based on the negotiation with the client application, which would normally try different authentication methods in a particular order. Openldap would then use the right password automatically (ideally), depending on the authentication method used each time.

Any info would be appreciated.