[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7278) [PATCH] SHA-2: Add support salted SHA-2 password hashes



--On Tuesday, May 29, 2012 5:49 PM +0000 michael@stroeder.com wrote:

> hyc@symas.com wrote:
>> Why should X user ever need to run this tool to generate a value?
>
> From slappasswd(8):
>
> DESCRIPTION
>        Slappasswd is used to generate an userPassword value suitable
>        for use with ldapmodify(1), slapd.conf(5) rootpw configuration
>        directive or the slapd-config(5) olcRootPW configuration directive.
>
> Do you want to restrict this text regarding ldapmodify(1) only for the
> cases that the slappasswd user has also write access to back-config?

The tool has allowed the ability to generate password values for years.  It 
is not uncommon to use it to do just that.  I've often used it to generate 
base-64 encoded SSHA values to push into LDIF I will be writing to the 
server via ldapmodify.  That should not require access to 
cn=config/slapd.conf.

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration