[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Password Crypt Problem?



At 09:59 PM 2002-01-16, Rajat wrote:
>hi Kurt..
>
>thank you very much for the information ... i really
>appreciate the help u have provided .
>but come to think of it ..
>y does then GQ does the correct encryption in one shot
>..
>if i use GQ to view the CRYPT encryption in
>UserPassword field .. it shows plain text ????

As I'm not familiar with GQ and the other applications
you mention, I'll just make a couple of general comments.

Likely because that is what the client provided.  If
a client add the value "foo" to userPassword, then
"foo" should be returned by the server.  userPassword
is, after all, a user application attribute (RFC 2256).

As an extension to LDAP, if the client does a modify
password extended operation (RFC 3062) then the server
will generate a hash value, per its configuration, and
store this in userPassword on the client's behalf.

If slapd was configured to use {crypt}, then it uses
whatever crypt(3) implementation it was linked with.
As different implementations have different salt formats,
password-crypt-salt is provided so that one can configure
slapd to generate an appropriate salt for the crypt(3)
implementation in use.  Use of this directive is discussed
in slapd.conf(5), likely the FAQ, and surely the archives
of this list.

Kurt