
Re: restrictions based off hash mechanisms (was: ITS#3446)



> a) add a "hash" style to the "attr=<attr> val=<val>" access control
> target.
> b) at ACL parsing require this style for using the "val" target with the
> "userPassword" attribute (or for whatever attribute checked by bind).
> c) pass the values of the userPassword attribute in calls to
> access_allowed() from each backend's bind.
>
> the above should ensure that an ACL that makes use of the "val" for
> userPassword is strictly using the "hash" style.
>
> d) the "hash" style must make use only of the hash portion of the
> password, i.e. "(^{[^}]+})" in regex(7) style.

I have a patch for this, which I'll attach to the original ITS.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
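
Point d) of the quoted proposal, as an added Python example that is not part of the original message or of the patch it mentions: the check sees only the scheme prefix of each stored value, never the digest. The function names, the case-insensitive comparison of scheme names and the sample values are assumptions made for illustration.

```python
import re
from typing import Iterable, List, Optional, Tuple

# The pattern from the message, "(^{[^}]+})", with the braces escaped for Python.
SCHEME_RE = re.compile(r"^(\{[^}]+\})")


def scheme_of(value: bytes) -> Optional[str]:
    """Return only the scheme prefix of a stored password value, or None."""
    match = SCHEME_RE.match(value.decode("latin-1"))
    # Assumption: scheme names compare case-insensitively, so normalize them.
    return match.group(1).upper() if match else None


def hash_style_matches(value: bytes, acl_scheme: str) -> bool:
    """Hypothetical "hash" style test: compare the prefix, never the digest."""
    return scheme_of(value) == acl_scheme.upper()


def evaluate(values: Iterable[bytes], acl_scheme: str) -> List[Tuple[Optional[str], bool]]:
    """Per-value view of what a rule restricted to the hash portion can see."""
    return [(scheme_of(v), hash_style_matches(v, acl_scheme)) for v in values]


# Constructed sample userPassword values (not real credentials).
SAMPLE_VALUES = [
    b"{SSHA}Y29uc3RydWN0ZWQtc2FtcGxlLXZhbHVl",
    b"{crypt}$1$constructed$sample",
    b"{ssha}YW5vdGhlci1jb25zdHJ1Y3RlZC12YWx1ZQ==",
    b"plaintext-constructed",   # no scheme prefix at all
    b"not{SSHA}at-start",       # prefix must be anchored at the start
    b"{}empty-scheme",          # empty braces do not form a scheme
]

if __name__ == "__main__":
    for scheme, matched in evaluate(SAMPLE_VALUES, "{SSHA}"):
        print(scheme, matched)
```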