[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#7278) [PATCH] SHA-2: Add support salted SHA-2 password hashes
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7278) [PATCH] SHA-2: Add support salted SHA-2 password hashes
- From: quanah@zimbra.com
- Date: Tue, 29 May 2012 18:02:50 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
--On Tuesday, May 29, 2012 5:49 PM +0000 michael@stroeder.com wrote:
> hyc@symas.com wrote:
>> Why should X user ever need to run this tool to generate a value?
>
> From slappasswd(8):
>
> DESCRIPTION
> Slappasswd is used to generate an userPassword value suitable
> for use with ldapmodify(1), slapd.conf(5) rootpw configuration
> directive or the slapd-config(5) olcRootPW configuration directive.
>
> Do you want to restrict this text regarding ldapmodify(1) only for the
> cases that the slappasswd user has also write access to back-config?
The tool has allowed the ability to generate password values for years. It
is not uncommon to use it to do just that. I've often used it to generate
base-64 encoded SSHA values to push into LDIF I will be writing to the
server via ldapmodify. That should not require access to
cn=config/slapd.conf.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration