RE: Can password-hash be database specific? also, storing and verifying cleartext passwords
>> -----Original Message-----
>> Is the 'password-hash' configuration function a server-wide setting only
>> or can it be set to different values for separate databases?
>> I'm trying to add MAC-auth RADIUS functionality to my LDAP server
>> (openldap-2.4.21) and I need to store the password for the MAC addresses
>> in cleartext. I also use the LDAP server for user login which I don't
>> want to keep in cleartext. So, my thought was to have 'password-hash
>> {SSHA}' for the users database, and 'password-hash {CLEARTEXT}' for the
>> RADIUS database, but it appears that it's a global so I'm pretty sure
>> this won't work.
>
> Yes, each database can have a different hashing mechanism set.
> http://www.openldap.org/software/man.cgi?query=slapd-config&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html
I'm afraid that man page is incorrect. As far as I know, that directive
is global, not database specific. That's what I get from the code (and
what I remembered). You can check yourself by adding the directive and
inspecting the content of cn=config.
We need at least to fix the manpage.
p.