[Date Prev][Date Next] [Chronological] [Thread] [Top]

Double passwords in accounts

To: openldap-technical@openldap.org
Subject: Double passwords in accounts
From: Nick Milas <nick@eurobjects.com>
Date: Tue, 20 Sep 2011 10:38:21 +0300
User-agent: Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20110902 Thunderbird/6.0.2

Hello,

Based on the fact that the userPassword attribute is NOT single-valuedin the schema definition, I was wondering whether there are cases wherewe could use a double-password approach or if doing that would justcause a mess.

For example, could we store both a clear-text password (to be used e.g.in DIGEST authentication) AND an encrypted (SSHA or MD5) one forstandard use? If that could work, (I assume that) openldap would knowwhich one to use based on the negotiation with the client application,which would normally try different authentication methods in aparticular order. Openldap would then use the right passwordautomatically (ideally), depending on the authentication method usedeach time.


Any info would be appreciated.

Thanks,
Nick

Follow-Ups:
- Re: Double passwords in accounts
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: open LDAP + TLS/SSL mini draft howto
Next by Date: Re: What expect to log at info level?
Index(es):
- Chronological
- Thread