[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Compare-Request on hashed userPassword

On Tuesday, 27 September 2011 18:59:52 Michael Ströder wrote:
> HI!
> We have {SSHA}-hashed passwords in attribute userPassword.
> One application sends CompareRequests with the clear-text password instead
> of a BindRequest to validate the password which obviously fails. The
> application vendor claims it is too much effort to change that behaviour
> in the application.

Wouldn't it be more beneficial to everyone if you asked the vendor to provide 
a version of their software that was standards-compliant?