[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: secure passwords



So I did more research and found that java or spring source has APIs for encrypting passwords and I could store the hashed value in openldap. If thats the case would LDPA server be able to retrive the password during bind?

And another interesting read is

http://blogs.oracle.com/DirectoryManager/entry/the_ssha_password_storage_scheme

Is that true for OpenLDAP? Can I use similar algorithm for generating password? Or should password policy will suffice ?


On Tue, Sep 13, 2011 at 2:01 PM, sim123 <Sim3159@gmail.com> wrote:
Hi All,

I am trying to store SSHA passwords in openldap instead of plain text via C code and wondering how this works. I tried exploring archives, FAQ etc and what I gathered from there is openLDAP has built in support for various password encryption algorithm however it does not have any APIs for generating passwords and password-has directive works with ldpapassword utility only. 

http://www.openldap.org/faq/data/cache/906.html

If I use some tool like Apache DS and modify my userPassword attribute to be SSHA instead of plain text it all works. I want to know how this works under the hood? Who is responsible for generating hashed passwords? If I generate it using some C routine how does LDAP Server retrieves it during the bind operation? I would really appreciate if there is any related documentation available.

Thanks for the help and support.