[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL and PAM based password changing





--On Donnerstag, 7. Februar 2002 19:44 +0530 Shanker Balan <shanu@exocore.com> wrote:

Correct. Hmm... so what purpose does the OpenLDAP "extended operations"
serve?

The "Password Modify Extended Operation" (see RFC 3062) has been defined to create a standard way for updating a user's password. As currently implemented in OpenLDAP, it will automatically hash the password before storing it in the userPassword attribute type.


Some servers (e.g. Netscape IIRC) also automatically hash the userPassword attribute on basic ldap protocol operations such as add or modify. However, this does not conform to the X.500 data model as you write some value into the directory but will get back something else if you read it again.

You are free to add code to passwd_extop() in servers/slapd/passwd.c to update other credential stores...

--
Norbert Klasen, Dipl.-Inform.
DAASI International GmbH                 phone: +49 7071 29 70336
Wilhelmstr. 106                          fax:   +49 7071 29 5114
72074 Tübingen                           email: norbert.klasen@daasi.de
Germany                                  web:   http://www.daasi.de