[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4643) please don't use hpux getpass()

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#4643) please don't use hpux getpass()
From: Kurt@OpenLDAP.org
Date: Thu, 17 Aug 2006 22:43:17 GMT

At 12:43 PM 8/17/2006, deckrider@gmail.com wrote:
>On 8/17/06, Pierangelo Masarati <ando@sys-net.it> wrote:
>
>Thank you for responding.
>
>> deckrider@gmail.com wrote:
>> > On HP-UX B.11.23 ia64, openldap 2.3.24 decides to use getpass().  This causes
>> > problems, because our passwords are longer than 8 characters.  Thus, users with
>> > passwords longer than 8 cannot use the password prompt.
>> >
>> Having passwords consistently limited to 8 chars by consistently using
>> system-provided facilities may be considered a feature rather than a
>> bug;
>
>Within the context of ldapsearch, I don't follow that rationale.
>
>And anyway, what does openldap do automatically if it finds both
>getpass() and getpassphrase(), and why?

getpassphrase(3) is favored over getpass(3) in environments that
provide both.  It's assumed that the only difference between
the two is the maximum length of the password they can get,
with getpassphrase(3) able to get larger passwords.

>Shouldn't that same logic be followed consistently throughout?

We assume that getpassphrase(3) and getpass(3) are both generally
more robust than our built-in code and hence favor them over our
built-in code.

-- Kurt

Prev by Date: Re: (ITS#4626) "glue" objectclass in syncrepl consumer
Next by Date: Re: (ITS#4626) "glue" objectclass in syncrepl consumer
Index(es):
- Chronological
- Thread