
Re: Passwords don't appear to hash ???



While using ldappasswd solves the immediate problem, it leads me to another serious
issue.  I am in the process of moving from a Netscape4 server to OpenLdap.
Passwords are maintained via a webapp written in Java.  Using the JNDI for
LDAP access, I merely send the cleartext password to the LDAP server, and it
takes care of the hashing.  Will I now have to do the {SHA} hash within the
application before sending the password to OpenLdap?  And if so, do I or do I
not have to preface the hash with {SHA}?

Thanks,
Rob

--On Thursday, September 30, 2004 04:55:04 PM -0700 "Kurt D. Zeilenga"
<Kurt@OpenLDAP.org> wrote:

> At 04:28 PM 9/30/2004, Rob Tanner wrote:
>> I have OpenLdap v.2.2.17 installed and when I add passwords encryption does
>> not happen -- even when I added the line "password-hash  {SSHA}" to
>> slapd.conf.  I even tried adding a record as an LDIF using the ldapadd
>> command, and prefacing the password text with {SSHA}, and still all that
>> appears to be stored is a BASE64 version of the cleartext password.
>> Ldapsearch returns clear text.
> 
> By design.
> 
>> Is there some additional setting that I'm missing?
> 
> Use of the LDAP Password Modify Extended Operation, e.g.,
> ldappasswd(1).  See slapd.conf(5).
> 
> Kurt 
> 



-- 
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR