[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: binding with crypted password

To: openldap-software@OpenLDAP.org
Subject: Re: binding with crypted password
From: Daniel Tiefnig <openldap@qmail.infonova.at>
Date: Tue, 28 May 2002 17:40:15 +0200
Organization: INFONOVA
References: <3CF35B6B.7070700@cust.univ-bpclermont.fr>

Pierre BARIDON wrote:

> is it possible to bind with a crypted password ?

Possible: yes.

You may store the crypt representation of your password as a clear text 
password in LDAP. But be careful to not "forget", that that wouldn't be 
a crypted password anymore, but just a cleartext password reading 
"c4jHzC08CN.ug" in stead of "foo".

You'll have to decide on your own whether this makes sense in your case 
or not.

Note: You will definitively _not_ be able to store a crypted password 
in LDAP like
userpassword: {crypt}c4jHzC08CN.ug
and, after that, bind with the crypted string. That's because it won't 
make _any_ sense to store a password crypted, if you can afterwards use 
the encrypted string as a password as well.

If you don't have to _bind_, there is another possibility:
You may add an additional filter to your search, like 
"userpassword={crypt}c4jHzC08CN.ug". Though this requires "compare" 
access to the userpassword attribute, a possible security problem.


hth,
daniel
-- 
Experience is something you don't get until just after you need it.

References:
- binding with crypted password
  - From: Pierre BARIDON <pbaridon@custsv.univ-bpclermont.fr>

Prev by Date: Re: ADS + Java
Next by Date: Re: posixAccount entries under People
Index(es):
- Chronological
- Thread