[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Compare-Request on hashed userPassword

To: openldap-technical@openldap.org
Subject: Re: Compare-Request on hashed userPassword
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Thu, 29 Sep 2011 17:53:29 +0200
Cc: Michael Ströder <michael@stroeder.com>
In-reply-to: <4E820108.5000508@stroeder.com>
References: <4E820108.5000508@stroeder.com>
User-agent: KMail/1.13.7 (Linux/2.6.38.8-desktop-4.mga; KDE/4.6.5; x86_64; ; )

On Tuesday, 27 September 2011 18:59:52 Michael Ströder wrote:
> HI!
> 
> We have {SSHA}-hashed passwords in attribute userPassword.
> 
> One application sends CompareRequests with the clear-text password instead
> of a BindRequest to validate the password which obviously fails. The
> application vendor claims it is too much effort to change that behaviour
> in the application.

Wouldn't it be more beneficial to everyone if you asked the vendor to provide 
a version of their software that was standards-compliant?

Regards,
Buchan

Follow-Ups:
- Re: Compare-Request on hashed userPassword
  - From: Michael Ströder <michael@stroeder.com>

References:
- Compare-Request on hashed userPassword
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: How do you have LDAP Setup for Apps
Next by Date: Re: Compare-Request on hashed userPassword
Index(es):
- Chronological
- Thread