RE: Question about openldap admin's guide
To perform Digest-MD5, the CLEAR password must be known at both ends,
server and client.
On Fri, 20-02-2004 at 02:58, Lara Adianto wrote:
> Thanks for the reply Howard,
>
> So in conclusion, for ldap authentication using SASL
> Digest-MD5 where the password is stored in the
> directory, userPassword must be stored in {CLEAR} and
> password-hash in slapd.conf must be set to {CLEARTEXT}
> ???
>
> -lara-
>
> --- Howard Chu <hyc@highlandsun.com> wrote:
> > > -----Original Message-----
> > > From: owner-openldap-software@OpenLDAP.org
> > > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Lara Adianto
> >
> > > Hello,
> > >
> > > In the OpenLDAP 2.2 Admin Guide, it is stated as follows:
> > > "To use secrets stored in the LDAP directory, place
> > > plaintext passwords in the userPassword attribute"
> >
> > That text is specifically in the section regarding
> > SASL authentication.
> >
> > > Just wondering...
> > > can we use encrypted password, like:
> > > userPassword {SHA}wektalskgjlaksfgjlf ??
> >
> > Not with strong SASL authentication.
> >
> > > If we can only use plaintext password, then what's the
> > > purpose of password-hash in the slapd.conf ?
> >
> > You can only use the hashed passwords for Simple Binds.
> >
> > -- Howard Chu
> > Chief Architect, Symas Corp. Director, Highland Sun
> > http://www.symas.com
> > http://highlandsun.com/hyc
> > Symas: Premier OpenSource Development and Support
> >
>
>
> =====
> ------------------------------------------------------------------------------------
> Life, you see, is never as good or as bad as one thinks
> - Guy de Maupassant -
> ------------------------------------------------------------------------------------
>
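The point made in this thread, as an added example that is not part of the original messages or of OpenLDAP's code: it computes the DIGEST-MD5 response as defined in RFC 2831 and shows that a server holding only a {SHA} value cannot check it, while a Simple Bind against the same value succeeds. The function names are hypothetical, and the sample exchange uses the values of the example in RFC 2831, section 4.

```python
import base64
import hashlib
import hmac

def digest_md5_response(user, realm, password, nonce, cnonce, nc, digest_uri):
    """RFC 2831 response for qop=auth with no authzid."""
    # The password itself is an input to the hash; it never crosses the wire.
    secret = hashlib.md5(f"{user}:{realm}:{password}".encode()).digest()
    ha1 = hashlib.md5(secret + f":{nonce}:{cnonce}".encode()).hexdigest()
    ha2 = hashlib.md5(f"AUTHENTICATE:{digest_uri}".encode()).hexdigest()
    final = f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}"
    return hashlib.md5(final.encode()).hexdigest()

def sha_scheme(password):
    """Build a {SHA} userPassword value (base64 of the SHA-1 digest)."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()

def simple_bind_ok(stored, presented):
    """Simple Bind: the client sends the password, the server hashes it."""
    candidate = sha_scheme(presented) if stored.startswith("{SHA}") else presented
    return hmac.compare_digest(stored, candidate)

def digest_md5_ok(stored, exchange, client_response):
    """DIGEST-MD5: the server must recompute the response from what it stores."""
    expected = digest_md5_response(password=stored, **exchange)
    return hmac.compare_digest(expected, client_response)

# Sample exchange: the values of the example in RFC 2831, section 4.
EXCHANGE = dict(user="chris", realm="elwood.innosoft.com",
                nonce="OA6MG9tEQGm2hh", cnonce="OA6MHXh6VqTrRk",
                nc="00000001", digest_uri="imap/elwood.innosoft.com")
PASSWORD = "secret"

def demo():
    response = digest_md5_response(password=PASSWORD, **EXCHANGE)  # client side
    hashed = sha_scheme(PASSWORD)
    return {
        "response": response,
        "digest_md5_cleartext": digest_md5_ok(PASSWORD, EXCHANGE, response),
        "digest_md5_sha": digest_md5_ok(hashed, EXCHANGE, response),
        "simple_bind_sha": simple_bind_ok(hashed, PASSWORD),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the {SHA} value stored, the server's recomputed response never matches the client's, because the client hashed the password and the server can only hash the hash.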