[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Schema: encrypted 8-bit userPassword and SASLprep
Jim Sermersheim writes:
><Michael>
>> Note that hashed passwords are non-standard anyway... ;-)
>
><Halvard>
>> No, they are irrelevant to the standard:
>
> Halvard, if you are still talking about userPassword, see Section 2.41
> in
> http://ietf.org/internet-drafts/draft-ietf-ldapbis-user-schema-06.txt:
> "Passwords are stored using an Octet String syntax and are not
> encrypted. "
Oh my. I didn't notice that. Or maybe I did, but just didn't believe
what I saw:-)
Please, could we remove this requirement? This means people can't bind
to LDAP with their Unix or Windows passwords. Our security people would
never allow us to run an LDAP server conforming to this requirement, and
I doubt they are alone in that.
--
Hallvard