[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Antw: Re: Max length allowed for a password



Hallvard Breien Furuseth wrote:
On 2013-12-13 08:57, Hallvard Breien Furuseth wrote:
On 2013-12-13 08:17, Ulrich Windl wrote:
Howard Chu <hyc@symas.com> schrieb am 09.12.2013
There are no maximum lengths in LDAP. Limits imposed by other
applications
depend on the particular application.
Right, but what about typical input buffer lengths in the openLDAP
tools (like
ldapsearch)?

Right... libldap has "#define LDIF_MAXLINE 4096", you must wrap
longer lines (start each continuation line with a space).
That doesn't impose a max length of the attribute value though.

More to the point, ldapsearch() & co use getpassphrase() if available,
and a Solaris manpage says it limits input to 257 chars.
The fallback implementation in OpenLDAP liblutil allows 512
including the final \0.

This is not conclusive though. There is no limit on passwords passed on the commandline, nor on passwords read from a file.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/