[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pwdCheckQuality and password hashing

To: sudhakar <sudhakar@co.brazos.tx.us>
Subject: Re: pwdCheckQuality and password hashing
From: "Raymond B. Edah" <t2tre@skyblue.eu.com>
Date: Thu, 15 Nov 2007 07:51:21 +0000
Cc: openldap-software@openldap.org
In-reply-to: <473BC599.7070308@co.brazos.tx.us>
References: <473BC599.7070308@co.brazos.tx.us>
User-agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)

sudhakar wrote:

I'm using pwdCheckQuality to enforce password quality restrictions for
the userPassword attribute. In order for this to work the password has
to be received on the server end in plain text. Which is fine. But when
OpenLDAP stores the password it stores it in plain text (base64 encoded).

Is there some overlay that will encrypt the userPassword before storing it?

You can use the ppolicy_hash_cleartext directive in slapo-ppolicy.

Thanks
-sud


Rgds,
Ray


--
Raymond B. Edah
e-mail: t2tre@skyblue.eu.com
web:    http://www.cs.skyblue.eu.com

References:
- pwdCheckQuality and password hashing
  - From: sudhakar <sudhakar@co.brazos.tx.us>

Prev by Date: pwdCheckQuality and password hashing
Next by Date: Re: pwdCheckQuality and password hashing
Index(es):
- Chronological
- Thread