[Date Prev][Date Next] [Chronological] [Thread] [Top]

PHP authentication with encrypted password



Hi list,

I needed help in programming PHP authenticating to
OpenLDAP server.

Currently, I'm passing the cleartext password to
ldap_bind() and it works ok.  However, since I'm going
to use session, I don't want to keep the password in
the session as cleartext in order for PHP to
authenticate again to OpenLDAP.

I was thinking of hashing the password with md5 before
saving it in the session.  However, ldap_bind() does
not accept encrypted password (I think because the
ldap API will hash the cleartext password and compare
it with the one in the LDAP database).

Reading the mailing list archive, seems that this
method is not possible.  Has anyone find a way to
circumvent this?

Thank you.

__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com