[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Problem when replication is configured with crypted password
> On Fri, 24 Mar 2006, Sven Pfeifer wrote:
>
>> I have no problems in replication. So my question is: Can I use a
>> crypted
>> password-String in the credentials= or not?
>> Any hints on how to fix it are welcome.
>
> Not. You can fix it the way you indicated.
>
>
> When you're setting "credentials=", you can think of it being "the same"
> as entering in a password at a password prompt. One of the main points of
> one-way crypted passwords (in theory; weak crypto being a notable
> exception) is that they can't be entered at that prompt nor can they be
> derived to be entered at that prompt. So your config example can't work in
> theory and therefore can't work in practice.
>
> The opposite applies for the directives that are *checked*. An example of
> this in slapd.conf(5) is "rootpw" directive. These can be hashed if
> desired.
I think we should add a check: if the "credentials" field starts with a
known hashing, a warning should be issued; if it starts with "{" and
contains "}" a different warning should be used.
p.
Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it
------------------------------------------