Re: Password consistency in the LDAP database
I wrote my admin tools in perl. There is an md5 module for perl for this kinda
stuff. There is also 'directory administrator'. Search on freshmeat.net. It
supports md5 passwds. Writing a little cgi for them to change their password is
really easy. I wrote a library for webmin to facilitate managing users and
groups. It is a kludge and probably insecure in its current state but I am
pretty bad with programming. This goes to show that there are ways to do what
you are asking with little skill. :)
To answer your other question about passwd, I do not know. I think that if you
are using pam, passwd will follow what pam says and do the magic for you,
including md5.
--
Terry Davis
Systems Administrator
BirdDog Solutions, Inc.
Quoting nate <ldap@aphroland.org>:
For those that are using openldap for authentication,
how do you handle passwords? e.g. i plan on using
MD5 passwords, mainly because traditionally MD5
has provided stronger encryption of passwords than
crypt (at least for /etc/shadow), but the problem
is all of the utils i have found so far (web based
mostly) only support the crypt password hash.
Another thing i was thinking was just hardcode
the password for each user, give them the password,
and revoke their rights to write to that field.
Does the 'passwd' utility work reliably for
changing LDAP passwords (that's one feature i
have yet to try). I read a couple places
it was not, but i think the sites were
referring to a different version of the pam_ldap
modules. I plan to use LDAP primarily on solaris
and Linux(mostly debian 2.2 and 3.0).
thanks to everyone for the help, i got 3 LDAP
servers running (2 slave), replicating over
SSL (stunnel, less complicated at this
point than trying to get them to talk native
SSL, and stunnel has been a very reliable
program for me so i trust its reliability),
setup round-robin DNS for the 2 slave
LDAP servers, have netscape roaming working
(whew).
now if only mozilla/netscape6 supported LDAP
and/or roaming! i was shocked to see the
latest netscape 6 still didn't support LDAP
yet.
nate
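
Added example, not part of either message above: a Python sketch for auditing which hash scheme each `userPassword` value uses, so that entries written by crypt-only tools stand out from MD5 ones. It assumes the RFC 2307-style scheme prefixes used by OpenLDAP (`{CRYPT}`, `{MD5}`, `{SMD5}`) and that shadow-style MD5 passwords appear as `{CRYPT}$1$...`; the entries and hash strings are constructed.

```python
import base64, hashlib, hmac, os
from collections import defaultdict

def make_md5(password):
    # Unsalted scheme: base64(md5(password))
    return "{MD5}" + base64.b64encode(hashlib.md5(password.encode()).digest()).decode()

def make_smd5(password, salt=None):
    # Salted scheme: base64(md5(password + salt) + salt)
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.md5(password.encode() + salt).digest()
    return "{SMD5}" + base64.b64encode(digest + salt).decode()

def scheme_of(value):
    # Classify a userPassword value by its {SCHEME} prefix.
    if not (value.startswith("{") and "}" in value):
        return "CLEARTEXT"
    tag, rest = value[1:].split("}", 1)
    if tag.upper() == "CRYPT":
        # /etc/shadow style MD5 is md5-crypt ($1$), a different format from {MD5}
        return "CRYPT(md5-crypt)" if rest.startswith("$1$") else "CRYPT(other)"
    return tag.upper()

def verify(password, stored):
    # True/False for {MD5} and {SMD5}; None for schemes this sketch does not check.
    scheme = scheme_of(stored)
    if scheme not in ("MD5", "SMD5"):
        return None
    try:
        raw = base64.b64decode(stored.split("}", 1)[1], validate=True)
    except ValueError:          # malformed base64
        return False
    digest, salt = raw[:16], raw[16:]
    if len(digest) != 16 or (scheme == "MD5" and salt):
        return False
    return hmac.compare_digest(hashlib.md5(password.encode() + salt).digest(), digest)

def audit(entries):
    # Group uids by scheme so a directory with mixed formats is easy to spot.
    groups = defaultdict(list)
    for uid, value in entries.items():
        groups[scheme_of(value)].append(uid)
    return dict(groups)

# Constructed sample entries; the {CRYPT} strings are placeholders, not real hashes.
SAMPLE = {
    "alice": make_md5("secret"),
    "bob": make_smd5("secret"),
    "carol": "{CRYPT}$1$CONSTRUCTED$notARealHashValue0000",
    "dave": "{crypt}abNotARealDesHash",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```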