[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: PHP: issues managing the password, what is wrong?
Hello,
Alberto Moreno wrote:
...
>
> My current problem is with the password, I have found small app that
> wants to compare the input of the password vs the ldap password this
> will let us identify the user.
>
As Dieter already said, wrong. Authenticate directly with provided
credentials, or use "proxy" user to search for uid resp. DN, then try to
authenticate against it with provided credentials.
> Well searching aroun, I found the crypt function but there is a
> thing that I don't like it:
>
> "The standard DES-based encryption crypt() returns the salt as the
> first two characters of the output. It also only uses the first eight
> characters of str , so longer strings that start with the same eight
> characters will generate the same result (when the same salt is used)"
>
> How can I deal with this note: 8 characters only?
>
I believe this is broken, or obsolete. I'm using Perl port of Unix
crypt() function, and it works just fine for "any" password lengths.
8 characters limitation sounds like - history :)
Zdenek
--
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla@turnovfree.net
jabber: stybla@jabber.turnovfree.net