Thanks you so much, I never knew this! Thanks for all the help!
-----Original Message----- From: openldap-software-bounces+douglas=gpc.edu@openldap.org [mailto:openldap-software-bounces+douglas=gpc.edu@openldap.org]On Behalf Of Kurt D. Zeilenga Sent: Monday, November 20, 2006 9:47 PM To: Douglas B. Jones Cc: douglas@gpc.edu; openldap-software@openldap.org Subject: Re: password validation
At 08:36 AM 11/15/2006, Douglas B. Jones wrote:
b) tries to validate against all three locations.
Your assumption that a crypt(3) password generated on one system (or by one cyrpt(3) implementation) is verifiable by another is not generally valid. It is well known that crypt(3) behavior (whether by design or by bug) is implementation dependent and, hence, portability of crypt(3)'ed passwords limited. This is why use of {CRYPT} is generally discouraged and why {CRYPT} support is disabled by default in slapd(8).
This is discussed in the FAQ. http://www.openldap.org/faq/index.cgi?file=344http://www.openldap.org/faq/index.cgi?file=344
Kurt