Re: userPassword: {UNIX}uid [was: Authentication with UNIX username/password (ITS#212)]
At 10:58 PM 6/26/99 +0200, Julio Sanchez wrote:
>"Kurt D. Zeilenga" <Kurt@OpenLDAP.org> writes:
>> userPassword: {UNIX}uid
>I don't know... A user that can change this to point to some other
>uid can then use slapd to crack that other uid password.
I actually think {UNIX} is safer than {CRYPT}. It doesn't
expose the hash. In fact, the administrator can disable
write access to the userPassword attribute to self!
Anyways, --disable-crypt turns this and {CRYPT} support off...
Would be nice if the slapd configuration support of userPassword
methods (and server side generation):
    passwordAttribute userPassword
    passwordAllow SSHA SMD5 SHA MD5
    passwordGenerate SSHA
And, of course, a mechanism to completely disable userPassword
support in favor of (working) Kerberos V support.
Contributions welcomed...
Kurt
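
Added example, not part of the original message and not OpenLDAP code: a sketch of the scheme allow-list and server-side generation proposed above. PASSWORD_ALLOW and PASSWORD_GENERATE mirror the proposed passwordAllow and passwordGenerate lines; the function names are hypothetical, and the SSHA/SMD5 layout assumed is base64(digest + salt).

```python
import base64, hashlib, hmac, os

# Mirrors the proposal in the message: "passwordAllow SSHA SMD5 SHA MD5"
# and "passwordGenerate SSHA". Proposed settings, assumed here as constants.
PASSWORD_ALLOW = {"SSHA", "SMD5", "SHA", "MD5"}
PASSWORD_GENERATE = "SSHA"

# scheme -> (hash constructor, digest length, salted?)
_SCHEMES = {
    "SSHA": (hashlib.sha1, 20, True),
    "SMD5": (hashlib.md5, 16, True),
    "SHA": (hashlib.sha1, 20, False),
    "MD5": (hashlib.md5, 16, False),
}

def split_scheme(stored):
    """Return (SCHEME, rest) for '{SCHEME}rest', or (None, stored) if unprefixed."""
    if stored.startswith("{") and "}" in stored:
        end = stored.index("}")
        return stored[1:end].upper(), stored[end + 1:]
    return None, stored

def generate(password, salt=None):
    """Server-side generation of a userPassword value using PASSWORD_GENERATE."""
    hash_fn, _, salted = _SCHEMES[PASSWORD_GENERATE]
    salt = (os.urandom(8) if salt is None else salt) if salted else b""
    digest = hash_fn(password.encode() + salt).digest()
    return "{%s}%s" % (PASSWORD_GENERATE, base64.b64encode(digest + salt).decode())

def check(stored, password, allow=PASSWORD_ALLOW):
    """True only if the stored scheme is allowed and the password matches."""
    scheme, rest = split_scheme(stored)
    # {UNIX}, {CRYPT}, cleartext and unknown schemes are refused before any
    # account lookup or comparison, so a bind cannot test guesses through them.
    if scheme not in allow or scheme not in _SCHEMES:
        return False
    hash_fn, dlen, salted = _SCHEMES[scheme]
    try:
        raw = base64.b64decode(rest, validate=True)
    except ValueError:
        return False
    digest, salt = raw[:dlen], raw[dlen:]
    # Reject truncated digests, salt on unsalted schemes, and missing salt.
    if len(digest) != dlen or bool(salt) != salted:
        return False
    return hmac.compare_digest(hash_fn(password.encode() + salt).digest(), digest)
```

With this allow-list a value such as {UNIX}uid is rejected at the scheme check, which is the effect of turning that scheme off.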