[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slap_sasl_checkpass - why?

To: hyc@highlandsun.com
Subject: Re: slap_sasl_checkpass - why?
From: Luke Howard <lukeh@PADL.COM>
Date: Tue, 16 Apr 2002 13:11:28 +1000
Cc: openldap-devel@OpenLDAP.org
Organization: PADL Software Pty Ltd
Versions: dmail (bsd44) 2.4/makemail 2.9b

>If you want to do a simple bind, why not just stick the actual password in
>your userPassword attribute in the first place?

I though the real idea was to support in-directory secret storage
for non-plain mechanisms. But IIRC most of those mechanisms actually
require access to the plaintext password to generate a hash, rather
than verifying the user-supplied credentials against the in-directory
passwords, which is what the checkpass API supports.

Hmm.

-- Luke

--
Luke Howard | lukehoward.com
PADL Software | www.padl.com

Follow-Ups:
- RE: slap_sasl_checkpass - why?
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: slap_sasl_checkpass - why?
Next by Date: RE: slap_sasl_checkpass - why?
Index(es):
- Chronological
- Thread