[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pam_password exop

To: teoman.onay@degroof.be
Subject: Re: pam_password exop
From: Emmanuel Dreyfus <manu@netbsd.org>
Date: Wed, 12 Sep 2012 15:10:13 +0000
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <OF89B9595C.C5C407B9-ONC1257A77.004F6F73-C1257A77.00525CCB@degroof.be>
References: <OF89B9595C.C5C407B9-ONC1257A77.004F6F73-C1257A77.00525CCB@degroof.be>
User-agent: Mutt/1.5.21 (2010-09-15)

On Wed, Sep 12, 2012 at 04:59:36PM +0200, teoman.onay@degroof.be wrote:
> Does this mean that the password is sent clear to the ldap server then 
> hashed over there ? It looks like a huge security flaw ...

The benefit is that slapd decides on the hash, password policies can 
be enforced, you can generate both Unix and NT hashes at the same time...
But it seems it assumes you use TLS or local socket.

-- 
Emmanuel Dreyfus
manu@netbsd.org

References:
- pam_password exop
  - From: teoman.onay@degroof.be

Prev by Date: pam_password exop
Next by Date: Re: pam_password exop
Index(es):
- Chronological
- Thread