
Re: Using Password-hash to create secure passwords..



I was about to complain that the posted FAQ entry talks about password hashes (data), but not Password-hash (slapd.conf option), but I did find an interesting tidbit:

http://www.openldap.org/faq/data/cache/906.html

So this doesn't answer the question, but it does let me rephrase the question.

openldap-software:

It seems to me then that it doesn't matter how I submit my userPassword for an update as long as I meet these conditions:

1. My LDAP communication is over SSL. This ensures that the plaintext password I send when setting userPassword is safe during transmission.

2. I set Password-hash to be SSHA. This way if someone steals my OpenLDAP data files the passwords will still be secure.

A question remains: Can I override Password-hash? If I submit a password in plaintext to set userPassword, and Password-hash is set to MD5, then slapd stores userPassword as an MD5 hash. But what if Password-hash is set to MD5 but I submit userPassword as '{SSHA}lksjdflsjf'. Does this override Password-hash, or does slapd try to create an MD5 hash of '{SSHA}lksjdflsjf'?

----- Original Message ----- From: "Michael Ströder" <michael@stroeder.com>
To: <fuser9bb@hotpop.com>
Cc: <openldap-software@OpenLDAP.org>
Sent: Friday, January 28, 2005 11:48 AM
Subject: Re: Using Password-hash to create secure passwords..



fuser9bb@hotpop.com wrote:
Now can someone help with the Password-hash question? :)

http://www.openldap.org/faq/data/cache/419.html

Ciao, Michael.
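
An added example, not part of the thread: a Python sketch of how a client can build and verify a userPassword value in the {SSHA} form discussed above, and tell a scheme-prefixed value from cleartext. It assumes the commonly documented layout `{SSHA}` + base64(SHA-1(password + salt) + salt); the function names are hypothetical.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # SHA-1 digest size in bytes


def make_ssha(password: str, salt: bytes | None = None) -> str:
    """Build {SSHA} + base64(SHA1(password + salt) + salt) (assumed layout)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_scheme(value: str) -> tuple[str | None, str]:
    """Return (scheme, rest); scheme is None when there is no {SCHEME} prefix."""
    if value.startswith("{") and "}" in value:
        end = value.index("}")
        return value[1:end].upper(), value[end + 1:]
    return None, value


def check_ssha(password: str, stored: str) -> bool:
    """Verify a cleartext password against a stored {SSHA} value."""
    scheme, encoded = split_scheme(stored)
    if scheme != "SSHA":
        return False
    try:
        raw = base64.b64decode(encoded, validate=True)
    except ValueError:  # malformed base64, e.g. the placeholder in the post
        return False
    if len(raw) <= SHA1_LEN:  # digest with no salt is not a valid SSHA value
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time compare


if __name__ == "__main__":
    value = make_ssha("correct horse")  # constructed sample password
    print(value, check_ssha("correct horse", value))
```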