Re: Storing 'userPassword' encrypted via server settings.
Hi,
On Thursday 30 October 2003 16:44, don@swbe.com wrote:
> I've been working towards setting up several HPUX servers to authenticate
> off of openldap. So far I've got the appropriate schema added so that I
> can run through the ldapux setup without problems and hook nss and pam into
> ldap. Authentication works, but when changing my password via the HPUX
> passwd command it stores the password in clear text on the openldap server.
> I found this note from 1999 and wondered if there has been any progress.
>
> http://www.openldap.org/lists/openldap-bugs/199910/msg00018.html
>
> Is it possible to change core.schema's attribute type for 'userPassword' to
> accomplish server based encryption?

I don't know anything about HP/UX but if you use pam_ldap from PADL
on your HPUX boxes you should be able to configure how passwords are
stored using the 'pam_password' config option in pam_ldap's config file
/etc/ldap.conf (note: this is different from OpenLDAP's client config file
/etc/openldap/ldap.conf).

For some values of 'pam_password' a special value 'password-hash' in
slapd's configuration file on the server /etc/openldap/slapd.conf might be
necessary.

Peter
--
Peter Marschall
eMail: peter@adpm.de
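
One way to check which accounts ended up with a clear-text userPassword, the situation described in the quoted question. This is an added example and not part of the original thread; it assumes an LDIF export of the directory is available, and the DNs and passwords in the sample are constructed.

```python
import base64
import hashlib
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}")  # "{SCHEME}" prefix, e.g. {SSHA}, {CRYPT}

def ssha(password: bytes, salt: bytes) -> str:
    """Salted SHA-1 in the {SSHA} layout: base64(sha1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def audit_ldif(ldif: str) -> dict:
    """Map each DN to the storage scheme of every userPassword value it holds."""
    unfolded = re.sub(r"\n ", "", ldif)  # undo LDIF line folding
    report = {}
    for entry in re.split(r"\n\s*\n", unfolded.strip()):
        dn, schemes = None, []
        for line in entry.splitlines():
            name, sep, rest = line.partition(":")
            if not sep:
                continue
            if rest.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            if name.lower() == "dn":
                dn = value
            elif name.lower() == "userpassword":
                # No "{SCHEME}" prefix means the value is stored as typed.
                match = SCHEME_RE.match(value)
                schemes.append(match.group(1).upper() if match else "CLEARTEXT")
        if dn and schemes:
            report[dn] = schemes
    return report

def cleartext_dns(ldif: str) -> list:
    """DNs with at least one password value stored without a hash scheme."""
    return sorted(dn for dn, s in audit_ldif(ldif).items() if "CLEARTEXT" in s)

# Constructed sample export; the DNs and passwords are made up.
_b64 = lambda t: base64.b64encode(t.encode()).decode()
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=People,dc=example,dc=com",
    "userPassword:: " + _b64(ssha(b"example-pw", b"saltsalt")),
    "",
    "dn: uid=bob,ou=People,dc=example,dc=com",
    "userPassword:: " + _b64("example-clear-pw"),
])
print(cleartext_dns(SAMPLE_LDIF))
```

Running this before and after changing 'pam_password' or 'password-hash' shows whether newly set passwords are now stored hashed; values written earlier stay in their old form until the password is changed again.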