[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Compare-Request on hashed userPassword



Buchan Milne wrote:
> On Tuesday, 27 September 2011 18:59:52 Michael Ströder wrote:
>> We have {SSHA}-hashed passwords in attribute userPassword.
>>
>> One application sends CompareRequests with the clear-text password instead
>> of a BindRequest to validate the password which obviously fails. The
>> application vendor claims it is too much effort to change that behaviour
>> in the application.
> 
> Wouldn't it be more beneficial to everyone if you asked the vendor to provide 
> a version of their software that was standards-compliant?

As said in another posting that is my own first and preferred recommendation.
But sometimes it's not so easy...

Ciao, Michael.