[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
storing HA1 password hash for HTTP DIGEST, SIP, TURN
- To: openldap-technical@openldap.org
- Subject: storing HA1 password hash for HTTP DIGEST, SIP, TURN
- From: Daniel Pocock <daniel@pocock.pro>
- Date: Mon, 13 Jul 2015 10:41:16 +0200
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=pocock.pro; s=mail; t=1436776879; bh=Hl/EMw9TrOvWpHgLBD2TY7KcChhw7M85qbfftw7SgsE=; h=Date:From:To:Subject:From; b=ijmGcum+g2S0FFRx/kPsoh3R2VQwMlf0EVmlHG6OEUoB/ewGA8yG3O8FN2M91QWvZ 7XKNiti8UuChOj4AZDZVLD7e2MN9KHv8AU7iGYjG70BIGsxesEzUJ+k6HupLzEFSuj g/6wBtMKiSjdJfVe5ELQGNG/luJmeCCYTOvOxW4g=
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=pocock.pro; s=mail; t=1436776877; bh=Hl/EMw9TrOvWpHgLBD2TY7KcChhw7M85qbfftw7SgsE=; h=Date:From:To:Subject:From; b=mUCH9RtJ5KdPl97BzUHt+AdfWAJrlb5FNCUqZqAKO6HbR0m3ZjJgCxxnNmeFmZp0d 0ScwBbTDrm5hF0UK4P+HhWm181wH8g+6CqtNCVjnJf4HE3wm2eB3eWCkM9KB+r7DJ2 bsiL8fGUF+KxVRmDSFHga2nnvyGCBbdM+9EH+MNQ=
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.7.0
Hi all,
There are a few protocols that use a HA1[1] password hash, such as HTTP
DIGEST[1], SIP DIGEST[2] and TURN[3] (which uses HMAC rather than DIGEST)
Is there a standard LDAP attribute name for storing a HA1 value or
should it be stored in a regular userPassword attribute as described in
the manual[4]?
I came across smbk5pwd for keeping SMB password attributes in sync. Is
there a similar facility for keeping HA1 passwords in sync when a user
changes the password or how could a developer go about adding that,
would the smbk5pwd source be a useful model?
Regards,
Daniel
1. http://tools.ietf.org/html/rfc2617#section-3
2. https://tools.ietf.org/html/rfc3261#section-22.4
3. https://tools.ietf.org/html/rfc5389#section-15.4
4. http://www.openldap.org/doc/admin24/security.html#Password%20Storage