RE: disable password hash
I haven't looked too closely at this, but I should mention that I've been
planning to add support for the Microsoft UnicodePwd syntax to slapd. (All
it has to do is transform UTF8 -> UCS2 and enclose in double-quotes, pretty
simple.) The intent is to allow a password set in OpenLDAP to be replicated
to AD transparently...
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: kervin@blueprint-tech.com [mailto:kervin@blueprint-tech.com]
> Sent: Wednesday, May 22, 2002 8:49 PM
> To: hyc@highlandsun.com
> Cc: openldap-devel@openldap.org
> Subject: RE: disable password hash
>
>
> I'm a little confused about cleartext password use in slapd. This patch
> seems to be what I need to get things to work. Am I mistaken?
> The patch causes {CLEARTEXT} scheme to be treated just as the
> other schemes.
>
> This is needed in cases where we want the back-end to handle the cleartext
> passwords. As in a perl module I am writing to add/modify Win2k users.
> --Kervin
>
> > Looks like a bug, definitely. Should probably use the BER_BVC macro in
> > there anyway.
> >
> > -- Howard Chu
> > Chief Architect, Symas Corp. Director, Highland Sun
> > http://www.symas.com http://highlandsun.com/hyc
> > Symas: Premier OpenSource Development and Support
> >
> >> -----Original Message-----
> >> From: kervin@blueprint-tech.com [mailto:kervin@blueprint-tech.com]
> >> Sent: Wednesday, May 22, 2002 6:48 PM
> >> To: hyc@highlandsun.com
> >> Cc: kervin@blueprint-tech.com; openldap-software@OpenLDAP.org
> >> Subject: RE: disable password hash
> >>
> >>
> >> Hi,
> >>
> >> looked into it. 'password-hash {CLEARTEXT}' fails and I have '#define
> >> SLAPD_CLEARTEXT 1' set I'm sure.
> >> I think the cleartext schema is always ignored since in
> >> libraries/libutil/passwd.c, in get_schemes()
> >> for( i=0; pw_schemes[i].name.bv_val; i++) {
> >>     if( pw_schemes[i].name.bv_len == 0 ) continue;
> >>
> >>     if( strncasecmp(scheme, pw_schemes[i].name.bv_val,
> >>         pw_schemes[i].name.bv_len) == 0 )
> >>     {
> >>         return &pw_schemes[i];
> >>     }
> >> }
> >>
> >> return NULL;
> >>
> >>
> >> but cleartext is defined as ...
> >>
> >> #ifdef SLAPD_CLEARTEXT
> >> /* pseudo scheme */
> >> { {0, "{CLEARTEXT}"}, NULL, NULL },
> >> #endif
> >>
> >>
> >> cleartext's name.bv_len is *always* zero, therefore fails.
> >> Shouldn't this be
> >>
> >>
> >> #ifdef SLAPD_CLEARTEXT
> >> /* pseudo scheme */
> >> { {sizeof("{CLEARTEXT}")-1, "{CLEARTEXT}"}, NULL, NULL },
> >> #endif
> >>
> >> like the others?
> >>
> >> --Kervin
> >>
> >>
> >> >> -----Original Message-----
> >> >> From: owner-openldap-software@OpenLDAP.org
> >> >> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of
> >> >> kervin@blueprint-tech.com
> >> >
> >> >> I'd like to disable password hashing in slapd. Does anyone know
> >> >> how to do this?
> >> >
> >> > Yes, but (seems to be the week for this) - why?
> >> >
> >> >> I've seen the "password-hash" slapd.conf option in the slapd.conf
> >> >> man page, but it does not allow me to set the hash function to
> >> >> "NONE", which is basically what I want to do.
> >> >>
> >> >> Any ideas?
> >> >
> >> > Use the Source, Luke...
> >> >>
> >> >> --Kervin
> >> >>
> >> >
> >> > Use the {CLEARTEXT} scheme. slapd must have been configured with
> >> > --enable-cleartext for this to work.
> >> >
> >> > -- Howard Chu
> >> > Chief Architect, Symas Corp. Director, Highland Sun
> >> > http://www.symas.com http://highlandsun.com/hyc
> >> > Symas: Premier OpenSource Development and Support
>
>
>
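
The UnicodePwd transform described at the top of this message (UTF-8 to UCS-2, enclosed in double quotes), as an added example that is not slapd code and not part of the original mail. The names put16 and unicodepwd_encode are hypothetical, and little-endian byte order is an assumption, since the message does not state one.

```c
#include <stddef.h>
#include <stdint.h>

/* Append one 16-bit code unit, little-endian (assumed); 0 when out of room. */
static int put16(uint8_t *out, size_t cap, size_t *n, uint16_t u)
{
    if (*n + 2 > cap) return 0;
    out[(*n)++] = (uint8_t)(u & 0xff);
    out[(*n)++] = (uint8_t)(u >> 8);
    return 1;
}

/*
 * Hypothetical helper: wrap a UTF-8 password in double quotes and emit it
 * as UCS-2. Returns the number of bytes written, or -1 on malformed UTF-8,
 * a code point outside the BMP (UCS-2 cannot represent it), or an output
 * buffer that is too small. Nothing is silently truncated or substituted.
 */
long unicodepwd_encode(const char *utf8, size_t len, uint8_t *out, size_t cap)
{
    const uint8_t *p = (const uint8_t *)utf8;
    size_t i = 0, n = 0;

    if (!put16(out, cap, &n, '"')) return -1;            /* opening quote */
    while (i < len) {
        uint32_t cp;
        if (p[i] < 0x80) {                               /* 1-byte (ASCII) */
            cp = p[i]; i += 1;
        } else if ((p[i] & 0xe0) == 0xc0 && i + 1 < len &&
                   (p[i+1] & 0xc0) == 0x80) {            /* 2-byte sequence */
            cp = ((uint32_t)(p[i] & 0x1f) << 6) | (p[i+1] & 0x3f);
            if (cp < 0x80) return -1;                    /* overlong form */
            i += 2;
        } else if ((p[i] & 0xf0) == 0xe0 && i + 2 < len &&
                   (p[i+1] & 0xc0) == 0x80 && (p[i+2] & 0xc0) == 0x80) {
            cp = ((uint32_t)(p[i] & 0x0f) << 12) |       /* 3-byte sequence */
                 ((uint32_t)(p[i+1] & 0x3f) << 6) | (p[i+2] & 0x3f);
            if (cp < 0x800 || (cp >= 0xd800 && cp <= 0xdfff))
                return -1;                               /* overlong/surrogate */
            i += 3;
        } else {
            return -1;    /* 4-byte lead, stray continuation, or truncated */
        }
        if (!put16(out, cap, &n, (uint16_t)cp)) return -1;
    }
    if (!put16(out, cap, &n, '"')) return -1;            /* closing quote */
    return (long)n;
}
```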