[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL secrets in LDAP

To: Howard Chu <hyc@highlandsun.com>
Subject: Re: SASL secrets in LDAP
From: Lawrence Greenfield <leg+@andrew.cmu.edu>
Date: Mon, 6 May 2002 20:35:24 -0400
Cc: openldap-devel@OpenLDAP.org
In-reply-to: <5.1.0.14.0.20020506170913.02bc2b98@127.0.0.1>
References: <5.1.0.14.0.20020506170913.02bc2b98@127.0.0.1>

   Date: Mon, 06 May 2002 17:14:03 -0700
   From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
   Cc: <openldap-devel@OpenLDAP.org>

   At 05:02 PM 2002-05-06, Howard Chu wrote:
   >For many good reasons, we discourage the storage of plaintext passwords in
   >LDAP.

   Yes, but if userPassword is plaintext (as it really should be, see
   RFC 2256), then we can certainly use it for DIGEST-MD5.

Also, remember that the DIGEST-MD5 password hash is sufficient for
authentication (it is not a one-way hash like /etc/passwd).

Larry

Follow-Ups:
- RE: SASL secrets in LDAP
  - From: "Howard Chu" <hyc@highlandsun.com>

References:
- Re: SASL secrets in LDAP
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: SASL secrets in LDAP
Next by Date: RE: SASL secrets in LDAP
Index(es):
- Chronological
- Thread