[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Userpasswords stored in plain text

To: openldap-technical@openldap.org
Subject: Re: Userpasswords stored in plain text
From: Tim Watts <tw@dionic.net>
Date: Wed, 06 Mar 2013 10:13:09 +0000
In-reply-to: <SNT002-W144D6DE190A2C7E3CADD87FDAE40@phx.gbl>
References: <SNT002-W144D6DE190A2C7E3CADD87FDAE40@phx.gbl>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130106 Thunderbird/17.0.2

On 06/03/13 09:58, arantza serrano wrote:

Hello,

I need that the userpasswords are stored hashed. I have configured the
slapd.conf file with this option:

    password-hash {SSHA}

Hi,

That only takes effect if the password is set via an Extended Operationpassword Modify command.


using slapo-ppolicy and setting:
ppolicy_hash_cleartext

Will catch your cases and hash them.

Another solution is to pre-hash them before sending to ldapadd. You canuse slappasswd for this - or do it directly in perl for example.


Cheers

Tim

--
Tim Watts
Personal Blog:                          http://squiddy.blog.dionic.net/

http://www.sensorly.com/ Crowd mapping of 2G/3G/4G mobile signal coverage

References:
- Userpasswords stored in plain text
  - From: arantza serrano <zazu2276@hotmail.com>

Prev by Date: Userpasswords stored in plain text
Next by Date: Re: Userpasswords stored in plain text
Index(es):
- Chronological
- Thread