Re: storing ldap passwords on HSM
lux-integ wrote:
On Monday 08 December 2014 09:52:11 Michael Ströder wrote:
> In case of SASL mechanisms which require 'userPassword' value(s) in clear
> you would have to implement a reversible encryption password storage schema
> in an OpenLDAP overlay and adapt some other layer/components to correctly
> use it
very ineresting
has anyhing like this been attempted ?
In a project a collegue implemented a closed source overlay with RSA private
key stored on disk.
For open source examples of overlays implementing different password storage
methods see directory contrib/slapd-modules/passwd/ in OpenLDAP's source
distribution.
Ciao, Michael.
Attachments:
- smime.p7s (application/pkcs7-signature — 4.2 KB)