
Re: Why ldap sasl digest-md5 only works for clear password?



Digest-MD5 is a shared secret mechanism.

Unless I'm mistaken, the server-side data will always have to be stored
either in the clear or encrypted with a key the server knows about.

On Tue, 29 Apr 2003, Ming Deng wrote:

> Rpm version: openldap 2.1.16
>
> I want to authenticate users against ldap server with Digest-MD5 SASL
> mechanism. If I store user password in clear text format in userPassword
> attribute of ldap directory, it works fine. But if I store the password
> in any hashed format, e.g. MD5, SHA, it will fail with:
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>        additional info: SASL(-13): authentication failure: client
> response doesn't match what we generated
>
> Thanks,
>
> Ming
>
>
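
Added example, not part of the original thread: the DIGEST-MD5 response calculation from RFC 2831 (qop=auth, no authzid), showing why a server holding only a `{MD5}` hash of the password generates a different response than the client. The user, realm, password, nonces and digest-uri are constructed sample values, and `server_expected` is a simplified model that assumes the server feeds the stored userPassword value into the calculation as the password.

```python
import base64
import hashlib


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def user_secret(user: str, realm: str, passwd: bytes) -> bytes:
    """H(username:realm:passwd), the only password-derived input in RFC 2831."""
    return md5(user.encode() + b":" + realm.encode() + b":" + passwd)


def response(secret: bytes, nonce: str, cnonce: str, nc: str, uri: str) -> str:
    """Response value for qop=auth without authzid, computed from the user secret."""
    ha1 = md5(secret + f":{nonce}:{cnonce}".encode()).hex()
    ha2 = md5(f"AUTHENTICATE:{uri}".encode()).hex()
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}".encode()).hex()


# Constructed sample values (not taken from the thread).
USER, REALM, PASSWORD = "ming", "example.com", b"s3cret"
NONCE, CNONCE, NC = "c2VydmVyLW5vbmNl", "Y2xpZW50LW5vbmNl", "00000001"
URI = "ldap/ldap.example.com"


def client_response() -> str:
    """What the client sends: it knows the cleartext password."""
    return response(user_secret(USER, REALM, PASSWORD), NONCE, CNONCE, NC, URI)


def server_expected(stored_user_password: bytes) -> str:
    """Assumed server model: the stored userPassword value is used as passwd."""
    secret = user_secret(USER, REALM, stored_user_password)
    return response(secret, NONCE, CNONCE, NC, URI)


def check_all() -> dict:
    hashed = b"{MD5}" + base64.b64encode(md5(PASSWORD))  # hashed userPassword form
    realm_secret = user_secret(USER, REALM, PASSWORD)     # verifier described in RFC 2831
    return {
        "cleartext": server_expected(PASSWORD) == client_response(),
        "md5_hashed": server_expected(hashed) == client_response(),
        "realm_secret": response(realm_secret, NONCE, CNONCE, NC, URI) == client_response(),
    }


if __name__ == "__main__":
    print(check_all())
```

The `realm_secret` case works because the calculation only ever needs H(username:realm:passwd); that value is sufficient to authenticate within the realm, so it must be protected like the password itself.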