Digest-MD5 is a shared secret mechanism.
Unless I'm mistaken, the server-side data will always have to be stored
either in the clear or encrypted with a key the server knows about.
On Tue, 29 Apr 2003, Ming Deng wrote:
Rpm version: openldap 2.1.16
I want to authenticate users again ldap server with Digest-MD5 SASL
mechanism. If I store user password in clear text format in userPassword
attribute of ldap directory, it works fine. But if I store the password
in any hashed format. e.g. MD5, SHA, it will fail with:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): authentication failure: client
response doesn't match what we generated
Thanks,
Ming
I assume "the server" you talked about is slapd, since I don't even
have to run saslauthd for those authentication actions. How can I make
slapd know the key you mentioned about?