[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slap_sasl_checkpass - why?

>If you want to do a simple bind, why not just stick the actual password in
>your userPassword attribute in the first place?

I though the real idea was to support in-directory secret storage
for non-plain mechanisms. But IIRC most of those mechanisms actually
require access to the plaintext password to generate a hash, rather
than verifying the user-supplied credentials against the in-directory
passwords, which is what the checkpass API supports.


-- Luke

Luke Howard | lukehoward.com
PADL Software | www.padl.com