[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Openldap password problems



--On Thursday, May 14, 2015 10:53 PM +0000 Craig White <CWhite@skytouchtechnology.com> wrote:



No

I disagree. Setting the default to {CRYPT} is a security nightmare, regardless of what the application is doing. If the application is (correctly) using an ldapv3 password modify op, it'll get set to CRYPT on the openldap server due to their (broken) configuration.

Better solution is to ensure the openldap default is sane, and to also verify the web application is sane.

--Quanah


--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration