[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: plain text passwords



"Kurt D. Zeilenga" wrote:
> At 01:41 PM 3/16/01 -0800, craigl wrote:
> >This gets accepted fine with ldap, but when I do a ldapsearch, the
> >password ends up being encrypted like so:
> >userPasword:: aGVoZWhl
> It's not encrypted.
> >Another thing I see is there are 2 colons (::)
> That indicates the value is base-64 encoded.
> See archives as to why our ldapsearch(1) client
> base64 encoded userPassword values.

FWIW: If I am doing something like storing a non-password value
(anything that can be super-easily decrypted isn't exactly useful
as a password), I add a new attribute. This prevents confusion
between broken security (cleartext, or trivially obsfusicated,
passwords) amd generic settings values.

-Bop

--2D426F70|759328624|00101101010000100110111101110000
Personal:  ron@opus1.com, 520-326-6109, http://www.opus1.com/ron/
Work: rchmara@pnsinc.com, 520-546-8993, http://www.pnsinc.com/
The opinions expressed in this email are not necessarily those of myself,
my employers, or any of the other little voices in my head.