[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Can password-hash be database specific? also, storing and verifying cleartext passwords

To: "Tom Leach" <leach@coas.oregonstate.edu>
Subject: Re: Can password-hash be database specific? also, storing and verifying cleartext passwords
From: masarati@aero.polimi.it
Date: Tue, 29 Jun 2010 01:27:56 +0200 (CEST)
Cc: openldap-technical@openldap.org
Importance: Normal
In-reply-to: <4C292D16.8070805@coas.oregonstate.edu>
References: <4C20D550.8030503@coas.oregonstate.edu> <5697e575fc43eacf39c82a64160bcddc.squirrel@www.aero.polimi.it> <4C292D16.8070805@coas.oregonstate.edu>
User-agent: SquirrelMail/1.4.15

> Thanks for everyone's help.  I don't want users passwords stored in
> clear text in the directory, so I've set the password-hash back to SSHA.
> Even when it was stored in cleartext, the passwords were base64 encoded
> and freeradius wasn't seeing that as a match.

Passwords are not *stored* base64-encoded; they're just presented
base64-encoded.  They're stored with their actual value.  The reason for
back64-encode them when presented is that octet-strings could be
non-printable.

p.

References:
- Can password-hash be database specific? also, storing and verifying cleartext passwords
  - From: Tom Leach <leach@coas.oregonstate.edu>
- Re: Can password-hash be database specific? also, storing and verifying cleartext passwords
  - From: masarati@aero.polimi.it
- Re: Can password-hash be database specific? also, storing and verifying cleartext passwords
  - From: Tom Leach <leach@coas.oregonstate.edu>

Prev by Date: Re: Can password-hash be database specific? also, storing and verifying cleartext passwords
Next by Date: Re: ldapsearch not returning namingContexts
Index(es):
- Chronological
- Thread