[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Schema: encrypted 8-bit userPassword and SASLprep
I wrote:
>Jim Sermersheim writes:
>
>> Halvard, if you are still talking about userPassword, see Section 2.41
>> in
>> http://ietf.org/internet-drafts/draft-ietf-ldapbis-user-schema-06.txt:
>> "Passwords are stored using an Octet String syntax and are not
>> encrypted. "
>
> Oh my. I didn't notice that. Or maybe I did, but just didn't believe
> what I saw:-)
>
> Please, could we remove this requirement? (...)
I should have calmed down before I wrote that:-)
Another solution, of course, is for the server to store the encrypted
passwords elsewhere.
I'd be interested to know what today's servers do, though. Is the
quoted sentence above at odds with current practice? If so, I still
suggest the sentence is removed.
All I know is that OpenLDAP allows encrypted as well as passwords
passwords in userPassword.
--
Hallvard