[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Authenticating with blank passwords



This is a little off-the-cuff, but could you rewrite blank passwords
coming in to something that you could keep in your database as
representing "blank"?  Or is rewrite back-end?

On 1/9/06, Howard Chu <hyc@symas.com> wrote:
> Emmanuel Dreyfus wrote:
> > Max Williams <max.williams@paradise.net.nz> wrote:
> >
> >
> >> Does anyone know a work around or some way of allowing clients to authenticate
> >> with blank passwords?
> >>
> >
> > Write a shell backend that only do the authentication?
> >
> >
> That won't work; Binds with empty password are processed by the frontend.
>
> You'll just have to hack the existing code in bind.c to allow what you
> want. From a security perspective, what you want is an extremely bad
> idea. I don't think you'll convince anybody to make it a standard feature.
>
> --
>   -- Howard Chu
>   Chief Architect, Symas Corp.  http://www.symas.com
>   Director, Highland Sun        http://highlandsun.com/hyc
>   OpenLDAP Core Team            http://www.openldap.org/project/
>
>