Applications, authentication, and hashing methods.

This is a general LDAP question, and not specific to OpenLDAP, but I have a
feeling I will get some good answers here. :)

Let's say I have a generic set of applications X, Y, and Z. I want users of
these applications to auth using information in LDAP. (We are indeed running
OpenLDAP.) In general I can do this by trying to bind as that user. So if
userPassword is in crypt form I need to crypt() my password and then submit
it, and ditto for SHA1, when binding. For plaintext I just send the password
in plaintext. This assumes that a user will have the same password for all
applications.

There is a possibility that I will need to support some applications that
need a different password for my users.

I'm wondering how to best support this?

If the application is open source I could change the code so that it
compared the user's entered password against something in their entry.
(Score one for open source.)

If the application is closed and just tries to do a bind is there a
solution? I don't see one.

Also, speaking of passwords, I also have the potential issue that an
application doesn't support the form of hashing that I use for userPassword
when a user sets her password. Let's say that I hash a password when putting
it into userPassword using SHA1. That means I have to force all of my
applications to first hash using SHA1 and then do a bind. How can I support
applications that use different hashing algorithms?
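As an added illustration (not part of the original post, and not OpenLDAP's own code), here is a Python sketch of the comparison a directory server performs against the stored userPassword value when a client binds. It covers the plaintext, {SHA} and {SSHA} (salted SHA-1) forms the post mentions; {CRYPT} would need the platform crypt(3) and is left unsupported here. Every password and salt below is a constructed sample.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample password; not taken from any real directory.
SAMPLE_PASSWORD = "correct horse"


def make_sha(password: str) -> str:
    """Build an RFC 2307 style {SHA} userPassword value (unsalted SHA-1)."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build a {SSHA} userPassword value: base64(sha1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_user_password(stored: str, candidate: str) -> bool:
    """Server-side check behind a simple bind.

    `stored` is the userPassword attribute as kept in the entry; `candidate`
    is the password exactly as the client supplied it in the bind request.
    The server recomputes the stored scheme over the candidate, so the client
    never has to know which hash the directory uses.
    """
    if stored.startswith("{"):
        scheme, _, payload = stored[1:].partition("}")
        scheme = scheme.upper()
    else:
        scheme, payload = None, stored  # no prefix: plaintext userPassword

    cand = candidate.encode("utf-8")

    if scheme is None:
        return hmac.compare_digest(payload.encode("utf-8"), cand)
    if scheme == "SHA":
        return hmac.compare_digest(hashlib.sha1(cand).digest(),
                                   base64.b64decode(payload))
    if scheme == "SSHA":
        raw = base64.b64decode(payload)
        digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
        return hmac.compare_digest(hashlib.sha1(cand + salt).digest(), digest)
    # {CRYPT}, {MD5}, {SMD5}, ... are not handled in this sketch.
    raise ValueError(f"unsupported userPassword scheme {{{scheme}}}")


if __name__ == "__main__":
    for stored in (SAMPLE_PASSWORD, make_sha(SAMPLE_PASSWORD), make_ssha(SAMPLE_PASSWORD)):
        print(stored[:12].ljust(14), verify_user_password(stored, SAMPLE_PASSWORD),
              verify_user_password(stored, "wrong password"))
```

Because the server applies the scheme itself, the same entry answers binds from an application that knows nothing about SHA-1 and from one that does; a client that submitted an already-hashed string would simply fail to match, since the server would hash it a second time. Constant-time comparison (`hmac.compare_digest`) avoids leaking information through comparison timing.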