[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: secure passwords

To: openldap-technical@openldap.org
Subject: Re: secure passwords
From: Simone Piccardi <piccardi@truelite.it>
Date: Wed, 14 Sep 2011 17:43:29 +0200
In-reply-to: <4E70C019.2050904@stroeder.com>
References: <CADKqS0ypJhSSJ_v9edCdehv=SkmTPRFJKtvkoAT9pR9bdFtTpA@mail.gmail.com> <201109141200.55071.bgmilne@staff.telkomsa.net> <4E70C019.2050904@stroeder.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.21) Gecko/20110831 Iceowl/1.0b2 Icedove/3.1.13

On 14/09/2011 16:54, Michael Ströder wrote:

Buchan Milne wrote:

IMHO, you shouldn't be hashing passwords on the client-side, it is much better
to let the DS hash the password


In some use-cases it is better to do client-side hashing. Especially if you
want to set more attributes together with attribute 'userPassword' in a single
modify request (which means single transaction).

I still prefer using Password Modification extended operation. I can usesmbk5pwd to automatically update also all the other relevantinformations (sambaPwdLastSet, sambaLMPassword, sambaNTPassword), havinga much simpler code. It's unfortunate that the patch to update alsoshadowLastChange was not applied.


Simone
--
Simone Piccardi                                 Truelite Srl
piccardi@truelite.it (email/jabber)             Via Monferrato, 6
Tel. +39-347-1032433                            50142 Firenze
http://www.truelite.it  Tel. +39-055-7879597    Fax. +39-055-7333336

References:
- secure passwords
  - From: sim123 <Sim3159@gmail.com>
- Re: secure passwords
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>
- Re: secure passwords
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: How to disable cn=config module in OpenLDAP
Next by Date: Re: How to disable cn=config module in OpenLDAP
Index(es):
- Chronological
- Thread