[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: password question

To: Ezsra McDonald <ezsra_mcdonald@yahoo.com>
Subject: Re: password question
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 17 Jun 2004 07:52:40 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <20040617142116.3976.qmail@web20516.mail.yahoo.com>
References: <20040617142116.3976.qmail@web20516.mail.yahoo.com>

At 07:21 AM 6/17/2004, Ezsra McDonald wrote:
>Greetings,
>
>I discovered today that my ldap authentication is
>allowing people to login wiht the wrong password.
>
>Say my password id "green". When prompted by my web
>broser or mail client for a password I can enter
>"greenfrog" and still get access.

You should attempt to duplicate the problem using
tools which are part of OpenLDAP Software.  If
you cannot, then the problem is likely with other
software.  And in describe the problem, you should
provide both the input/output of the tool, but
a copy of the entry used as well.  This would,
amongst other things, detail which password
scheme was in use.

Note that some schemes, in particular {CRYPT}, may
only consider a limited number of characters of the
password to be significant.  See crypt(3) for details.

>Anyone know why it works this way?
>Server details:
>openldap-servers-2.0.27-11

That doesn't appear to be OpenLDAP Software as
distributed by OpenLDAP Project.  I have no
idea of how it differs from OpenLDAP Software,
but if it's based on OpenLDAP 2.0.27, you should
update to the latest version of OpenLDAP Software.
2.0.27 has not been supported for quite some time.

Kurt

References:
- password question
  - From: Ezsra McDonald <ezsra_mcdonald@yahoo.com>

Prev by Date: password question
Next by Date: Re: 2.2.13 crashes with ch_realloc of 2455080002 bytes failed
Index(es):
- Chronological
- Thread