[Date Prev][Date Next] [Chronological] [Thread] [Top]

Password hash in openldap

To: openldap-technical@openldap.org
Subject: Password hash in openldap
From: Paul Lee <paul@hk.fujitsu.com>
Date: Mon, 27 Oct 2008 14:02:34 +0800
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

Dear all,

Last time I changes the slapd.conf to restrict anonymous user to see the userPassword attribute from 3rd party LDAP browser. However, our client still wants to encrypt/hash the password stored in LDAP because he says that he can user other users auth to the LDAP and then can see other users' password (e.g. he can see his boss's password).

Since we have the admin portal to change the user password as well, seems it can't restrict userpassword attribute by self read/write.

Also, we will use the password policy and restrict users to re-use the last 12 passwords.

So, my question is that is it possible to hash the password stored in openldap, also, the password stored in the password history is also hashed so that even other users can't see the password of others.

Thanks

Confidential Communication - This e-mail (including any attachments) is confidential and may be legally privileged. If this e-mail has been sent to you by mistake please inform us by reply e-mail and then delete the e-mail, destroy any printed copy and do not disclose or use the information in it.

Follow-Ups:
- Re: Password hash in openldap
  - From: Dieter Klünter <dieter@dkluenter.de>

Prev by Date: nss_initgroups_ignoreusers
Next by Date: slurpd replication problem.
Index(es):
- Chronological
- Thread