[Date Prev][Date Next] [Chronological] [Thread] [Top]

Password consistancy in the LDAP database



For those that are using openldap for authentication,
how do you handle passwords?  e.g. i plan on using
MD5 passwords, mainly because traditionally MD5
has provided stronger encryption of passwords then
crypt (at least for /etc/shadow), but the problem
is all of the utils i have found so far (web based
mostly) only support the crypt password hash.

Another thing i was thinking was just hardcode
the password for each user, give them the password,
and revoke their rights to write to that field.

Does the  'passwd' utility work reliably for
changing LDAP passwords(thats one feature i
have yet to try). I read a couple places
it was not, but i think the sites were
referring to a different version of the pam_ldap
modules. I plan to use LDAP primarily on solaris
and Linux(mostly debian 2.2 and 3.0).

thanks to everyone for the help, i got 3 LDAP
servers running(2 slave), replicating over
SSL(stunnel, less complicated at this
point then trying to get them to talk native
SSL, and stunnel has been a very reliable
program for me so i trust it's reliablity),
setup round-robin DNS for the 2 slave
LDAP servers, have netscape roaming working
(whew).

now if only mozilla/netscape6 supported LDAP
and/or roaming! i was shocked to see the
latest netscape 6 still didn't support LDAP
yet.

nate