Re: Confused about md5 passwords
Stephan, Peter,
Thanks for the response. Does the same go for SHA, and do you know if
nss_ldap even supports SHA? I definitely don't want to switch to Kerberos.
Thanks,
Harry
Quoting Stephan Siano <stephan.siano@suse.de>:
Hi,
there is no algorithmic way to calculate a password from a hash value, so the
password needs to be transferred to the LDAP server. Simple authentication
(used by the PAM-modules) just does that. There are two ways to prevent
transferring cleartext passwords.
a) use TLS. In this case the password is still transferred, but the whole
client-server communication is encrypted.
b) use SASL. SASL supports ways to authenticate without actually transferring
a password. Unfortunately pam_ldap does not support SASL and the credentials
are not stored in the directory. (A combination of nss_ldap and Kerberos may
help here).
Yours
Stephan Siano
--
Stephan Siano Mail: Stephan.Siano@suse.de
SuSE Linux Solutions AG Phone: 06196 50951 31
Mergenthalerallee 45-47 Fax: 06196 409607
D-65760 Eschborn
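
The point made in the quoted reply, as an added example that is not part of the original mails: on a simple bind the server re-hashes the cleartext it receives and compares the result with the stored `userPassword` value, and the logic is the same for MD5 and SHA. The function names are hypothetical, the `{MD5}`/`{SMD5}`/`{SHA}`/`{SSHA}` layouts are the common RFC 2307-style encodings, and the sample password and salt are constructed.

```python
import base64
import hashlib
import hmac

# Scheme prefix -> (hashlib algorithm, digest length in bytes, salted?)
SCHEMES = {
    "{MD5}": ("md5", 16, False),
    "{SMD5}": ("md5", 16, True),
    "{SHA}": ("sha1", 20, False),
    "{SSHA}": ("sha1", 20, True),
}

def make_user_password(scheme, password, salt=b""):
    """Build a userPassword value: base64(digest(password + salt) + salt)."""
    algo, _, salted = SCHEMES[scheme]
    salt = salt if salted else b""
    digest = hashlib.new(algo, password + salt).digest()
    return scheme + base64.b64encode(digest + salt).decode("ascii")

def check_simple_bind(stored, presented):
    """Server-side check: hash the presented cleartext, compare to the stored digest."""
    end = stored.find("}") + 1
    scheme = stored[:end].upper()
    if scheme not in SCHEMES:
        return False
    algo, dlen, salted = SCHEMES[scheme]
    try:
        raw = base64.b64decode(stored[end:], validate=True)
    except ValueError:
        return False
    digest, salt = raw[:dlen], raw[dlen:]
    # Reject truncated digests and salt/no-salt mismatches for the scheme.
    if len(digest) != dlen or bool(salt) != salted:
        return False
    candidate = hashlib.new(algo, presented + salt).digest()
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    salt = b"\x01\x02\x03\x04"  # constructed sample salt
    for scheme in SCHEMES:
        stored = make_user_password(scheme, b"password", salt)
        # The stored hash cannot be replayed as the password: only cleartext verifies.
        print(scheme, check_simple_bind(stored, b"password"),
              check_simple_bind(stored, stored.encode()))
```
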