[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7278) [PATCH] SHA-2: Add support salted SHA-2 password hashes

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#7278) [PATCH] SHA-2: Add support salted SHA-2 password hashes
From: quanah@zimbra.com
Date: Tue, 29 May 2012 16:30:55 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

--On Tuesday, May 29, 2012 4:08 PM +0000 hyc@symas.com wrote:

>> It is a problem that a slappasswd user must have read privilage
>> on slapd.conf (or slapd.d) by this patch...
>
> slappasswd is an administrative command; if you don't have administrator
> access already you have no business running it.

What in any way makes it administrative?  You simply give it a password to 
convert into whatever scheme for you.  Where is the administrative 
requirement?  Why shouldn't X user with some particular permissions into 
the database, but not the configuration, be able to run it to generate a 
value?

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Prev by Date: Re: (ITS#7278) [PATCH] SHA-2: Add support salted SHA-2 password hashes
Next by Date: Re: (ITS#7278) [PATCH] SHA-2: Add support salted SHA-2 password hashes
Index(es):
- Chronological
- Thread