Re: Encrypted Passwords
On Fri, Nov 16, 2001 at 09:52:32AM -0500, Thomas Gagne wrote:
> It's nice of web servers to get users' logins and passwords, but I need to
> authenticate the password in my application (not through the server) to LDAP.
> Question is, if the web server is encrypting the password, (it looks like
> "{crypt}87dfhak//4s") how can I pass that string to openLDAP, or must I
> decrypt it first, or get it in the clear to begin with?

What do you mean the password looks like "{crypt}87dfhak//4s"?

Are you trying to transfer a set of passwords that look like
"{crypt}87dfhak//4s" to an LDAP repository?

Generally speaking:

- LDAP should hold encrypted hashes of passwords
- the Web server should not alter the data it gets from the client/browser
- the application will need the cleartext client-supplied username and
  password values to authenticate against LDAP

If you've got the encrypted passwords in LDAP and LDAP queries verify that
it looks good (please read the OpenLDAP admin guide if you have questions
about "::" in LDIF output), then this is really a question for your Web
server & application framework vendors, right?

-Peter
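
An added example, not part of the original message and not OpenLDAP's own code: it decodes an LDIF userPassword line (including the base64 "::" form), splits off the {scheme} prefix, and shows that only the cleartext password verifies against the stored value, while the stored hash string itself does not. Verification is shown for the {SSHA} scheme, an assumption made here because it needs only the standard library; the function names, password and salt are constructed for illustration.

```python
import base64
import hashlib
import hmac

def parse_userpassword(ldif_line):
    """Split an LDIF userPassword line into (scheme, payload)."""
    attr, sep, rest = ldif_line.partition(":")
    if not sep or attr.strip().lower() != "userpassword":
        raise ValueError("not a userPassword line")
    if rest.startswith(":"):          # "::" marks a base64-encoded value
        value = base64.b64decode(rest[1:].strip()).decode("utf-8")
    else:
        value = rest.strip()
    if value.startswith("{") and "}" in value:
        scheme, payload = value[1:].split("}", 1)
        return scheme.upper(), payload
    return None, value                # no {scheme} prefix

def make_ssha(password, salt):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify(cleartext, scheme, payload):
    """Check a client-supplied cleartext password against a stored value."""
    if scheme != "SSHA":
        # {crypt} needs the platform crypt(3); left out of this example.
        raise NotImplementedError(f"scheme {scheme!r} not handled here")
    raw = base64.b64decode(payload)
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes
    candidate = hashlib.sha1(cleartext.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def demo():
    # Constructed sample data: password "s3cret", fixed salt for repeatability.
    stored = make_ssha("s3cret", b"demosalt")
    line = "userPassword:: " + base64.b64encode(stored.encode()).decode()
    scheme, payload = parse_userpassword(line)
    return {
        "scheme": scheme,
        "cleartext_ok": verify("s3cret", scheme, payload),
        "wrong_ok": verify("guess", scheme, payload),
        "hash_as_password_ok": verify(stored, scheme, payload),
    }

if __name__ == "__main__":
    print(demo())
    print(parse_userpassword("userPassword: {crypt}87dfhak//4s"))
```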