[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: Antwort: Re: When/why use slappasswd or any password digests [Virus checked]
At 01:40 AM 3/25/2004, Howard Chu wrote:
>>1) Is this part of the LDAP standard, or OpenLDAP specific?
>The general behavior was described in RFC2307,
I note that RFC 2307 is not a Standard Track document.
It is Experimental and known to conflict with the
Standard Track specification (namely RFC 2256).
>which also defined the
>{crypt}, {md5}, and {sha} schemes. The other schemes are not standardized.
So, from a technical specification point of view, none of these
schemes are standardized.
Now one could say some schemes are "defacto" standards. In this
case, I'd include {SSHA} in a list of such scheme. I would not
list {CRYPT}, as even when it is supported, the version of
crypt(3) used differs wildly.
Beyond this though, servers which do support such schemes
do support them by different means.
So, overall, I consider this stuff all quite experimental and,
in the long term, a bad thing (as it conflicts with the Standard
Track handling of userPassword).
Kurt