
Re: OpenLDAP 2.0 and its crazy userPassword usage



"Kurt D. Zeilenga" wrote:
> 
> >Changing the password with userPassword and hash-scheme would be as
> >follows:
> >- Check which one is the old password by iterating over all values
> >of userPassword values and comparing the hashed password to the
> >values.
> >- Modify the list of userPassword attribute values such that only
> >the old password is changed (with appropriate hashing scheme).
> >
> >Is that right? Would be kinda strange...
> 
> That would be one approach.  But there are other approaches.
> Clients should just use the password modify extended operation
> and let the server do the right thing.

Yes, I just had a look at RFC3062 especially since
draft-zeilenga-ldap-authpasswd-05.txt states for authPasswordSyntax:
"Transfer of values of this syntax is strongly discouraged..."

This does make sense but I wonder when we finally manage to have
widely deployed implementations...

> Otherwise the client
> needs to have apriori knowledge of how the server manages
> authentication secrets.

LDAP clients are making a lot of assumptions anyway... ;-)

Ciao, Michael.
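The two approaches discussed in this message, as an added example that is not part of the original thread or of OpenLDAP's own code. The first half implements the client-side procedure Michael describes: scan a multi-valued userPassword, find the value that matches the old password, and rewrite only that value under the scheme it was stored with. Doing this requires exactly the "a priori knowledge" Kurt mentions: the client must know the RFC 2307 hash layouts ({SHA}, {SSHA}, {MD5}, {SMD5}: base64 of digest followed by optional salt) and must skip schemes it does not know. The second half BER-encodes the PasswdModifyRequestValue from RFC 3062, which is what the client sends with the password modify extended operation (OID 1.3.6.1.4.1.4203.1.11.1) so that the server does the rewriting itself. The sample entry SAMPLE_VALUES and the {CRYPT} placeholder value are constructed for the example and are not real data.

```python
import base64
import hashlib
import hmac
import secrets

# RFC 2307 / OpenLDAP userPassword schemes this example understands:
# scheme -> (digest constructor, salted?).  Salted values are
# base64(digest(password || salt) || salt); the salt is whatever follows
# the digest, so its length is derived from the digest size.
_SCHEMES = {
    "SSHA": (hashlib.sha1, True),
    "SHA": (hashlib.sha1, False),
    "SMD5": (hashlib.md5, True),
    "MD5": (hashlib.md5, False),
}


def _split_scheme(value):
    """Split b'{SSHA}base64...' into ('SSHA', b'base64...').
    A value without a '{scheme}' prefix is cleartext (scheme None)."""
    if value.startswith(b"{") and b"}" in value:
        scheme, _, rest = value[1:].partition(b"}")
        return scheme.decode("ascii", "replace").upper(), rest
    return None, value


def check_value(password, value):
    """True if this one userPassword value was derived from `password`.
    Unknown schemes ({CRYPT}, {SASL}, ...) return False rather than raising,
    so a scan over a mixed-scheme attribute simply skips them."""
    scheme, rest = _split_scheme(value)
    if scheme is None:
        return hmac.compare_digest(password, rest)
    if scheme not in _SCHEMES:
        return False
    hasher, salted = _SCHEMES[scheme]
    try:
        raw = base64.b64decode(rest, validate=True)
    except ValueError:
        return False
    digest_size = hasher().digest_size
    if len(raw) < digest_size:
        return False
    stored, salt = raw[:digest_size], raw[digest_size:]
    if not salted and salt:          # unsalted value must be exactly one digest
        return False
    return hmac.compare_digest(stored, hasher(password + salt).digest())


def hash_password(password, scheme="SSHA", salt=None):
    """Produce a userPassword value in one of the schemes above."""
    hasher, salted = _SCHEMES[scheme]
    if not salted:
        salt = b""
    elif salt is None:
        salt = secrets.token_bytes(8)
    raw = hasher(password + salt).digest() + salt
    return b"{" + scheme.encode("ascii") + b"}" + base64.b64encode(raw)


def find_old_password(old, values):
    """Step 1 of the quoted procedure: index of the value matching `old`."""
    for i, v in enumerate(values):
        if check_value(old, v):
            return i
    return None


def replace_password(old, new, values):
    """Step 2: rewrite only the matching value, keeping its original scheme
    (cleartext stays cleartext).  Other values are left untouched."""
    idx = find_old_password(old, values)
    if idx is None:
        raise ValueError("old password does not match any userPassword value")
    scheme, _ = _split_scheme(values[idx])
    new_values = list(values)
    new_values[idx] = new if scheme is None else hash_password(new, scheme)
    return new_values


# --- RFC 3062: what the client sends instead of doing the above itself ---
PASSWD_MODIFY_OID = "1.3.6.1.4.1.4203.1.11.1"


def _ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, content):
    return bytes([tag]) + _ber_len(len(content)) + content


def passwd_modify_request_value(user_identity=None, old_passwd=None, new_passwd=None):
    """BER-encode PasswdModifyRequestValue (RFC 3062, section 2.1):
       SEQUENCE { userIdentity [0] OCTET STRING OPTIONAL,
                  oldPasswd    [1] OCTET STRING OPTIONAL,
                  newPasswd    [2] OCTET STRING OPTIONAL }
    The fields are context-specific primitive tags 0x80, 0x81, 0x82; absent
    fields are simply omitted.  This is the requestValue of the extended
    request whose requestName is PASSWD_MODIFY_OID."""
    parts = b""
    for tag, field in ((0x80, user_identity), (0x81, old_passwd), (0x82, new_passwd)):
        if field is not None:
            parts += _tlv(tag, field)
    return _tlv(0x30, parts)


# Constructed sample entry (not real data): a multi-valued userPassword mixing
# schemes, including one ({CRYPT}) this example does not know, so the scan has
# to skip it.  The {CRYPT} string is a placeholder, not a real crypt(3) hash.
SAMPLE_VALUES = [
    hash_password(b"correct horse", "SSHA", salt=b"\x01\x02\x03\x04"),
    b"{CRYPT}Placeholder.Not.A.Real.Hash",
    hash_password(b"battery staple", "MD5"),
    b"plaintext-value",
]
```

Compare the two halves: replace_password needs the server's storage details baked into the client, and a value in any scheme the client cannot verify (here the {CRYPT} one) is invisible to it, so a user whose only password is stored that way cannot change it. passwd_modify_request_value needs none of that; the server picks the scheme and the client only ever sees the extended operation.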