I was about to complain that the posted FAQ entry talks about password
hashes (data), but not Password-hash (slapd.conf option), but I did find an
interesting tidbit:
So this doesn't answer the question, but it does let me rephrase the
question.
openldap-software:
It seems to me then that it doesn't matter how I submit my userPassword for
an update as long as I meet these conditions:
1. My LDAP communication is over SSL. This ensures that the plaintext
password I send when setting userPassword is safe during transmission.
2. I set Password-hash to be SSHA. This way if someone steals my OpenLDAP
data files the passwords will still be secure.
A question remains: Can I override Password-hash? If I submit a password in
plaintext to set userPassword, and Password-hash is set to MD5, then slapd
stores userPassword as an MD5 hash. But what if Password-hash is set to MD5
but I submit userPassword as '{SSHA}lksjdflsjf'. Does this override
Password-hash, or does slapd try to create an MD5 hash of
'{SSHA}lksjdflsjf'?
----- Original Message -----
From: "Michael Ströder" <michael@stroeder.com>
To: <fuser9bb@hotpop.com>
Cc: <openldap-software@OpenLDAP.org>
Sent: Friday, January 28, 2005 11:48 AM
Subject: Re: Using Password-hash to create secure passwords..
fuser9bb@hotpop.com wrote:
Now can someone help with the Password-hash question? :)
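
For reference, an added example (not part of the original message and not OpenLDAP's code) of what a scheme-prefixed value like the '{SSHA}...' string in the question is: the prefix followed by base64(SHA-1(password + salt) + salt). It shows how such a value is told apart from plaintext and checked; the function names, the 8-byte salt length and the sample passwords are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import os
import re

# A leading "{SCHEME}" marks a value as already hashed; anything else is plaintext.
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)
SHA1_LEN = 20

def make_ssha(password, salt=None):
    """Build '{SSHA}' + base64(SHA1(password + salt) + salt) from bytes."""
    if salt is None:
        salt = os.urandom(8)  # salt length is an assumption of this sketch
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def split_scheme(value):
    """Return (scheme, rest); scheme is None when the value has no prefix."""
    m = SCHEME_RE.match(value)
    return (m.group(1).upper(), m.group(2)) if m else (None, value)

def check_ssha(password, stored):
    """Verify a candidate password against a stored {SSHA} value."""
    scheme, b64 = split_scheme(stored)
    if scheme != "SSHA":
        return False
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:  # malformed base64: prefix present, body unusable
        return False
    if len(raw) <= SHA1_LEN:  # no salt appended, so not a valid SSHA body
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(password + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time compare

if __name__ == "__main__":
    stored = make_ssha(b"constructed-sample-password")
    print(stored, check_ssha(b"constructed-sample-password", stored))
    # The string from the question has the prefix but not a well-formed body.
    print(split_scheme("{SSHA}lksjdflsjf"), check_ssha(b"x", "{SSHA}lksjdflsjf"))
```
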