
RE: Newbie question: setting userPassword field



OK, so it appears the way to store passwords is in a hashed form on the LDAP
server, and that the hashing should be performed by the client, prior to
transmitting to the server.

I'm still learning, so please bear with me :)  From what I've gathered so
far, I basically want to type in "mypassword" into the client, and have it
transmit {SHA}blablabla@#$^$# to the server, storing it in the userPassword
attribute for a given entry, correct?  If so, I can fairly easily do this in
Java, as it has built-in support for SHA-1, MD5 and one or two other
protocols (although *not* Unix style crypt, due to US export restrictions
<sigh>).

So now I have a user entry set up, complete with hashed password (let's say
I use SHA).  Next step:  I presume that when a web user wishes to
authenticate themselves to Apache using LDAP, an Apache mod_xLDAPx needs to
convert a plaintext password into {SHA}blablabla@#$^$# before it can be sent
to OpenLDAP for comparison and authentication.  Is this correct?  If so, do
any of the modules written so far support this?  If so, problem solved; if
not, I'm back where I started. *scratches head*.  Any ideas folks?

Cheers,
D.

Dan Makovec
e-mail  dan@fatcanary.com.au
ICQ     1398090
Every day is a gift, that's why the present is so named