Re: bindpw and SSHA

Friday, 26 September 2008

On Friday 26 September 2008 11:08:32 Nick Kasparidis wrote:
...
 Hello everyone,

 I have a small problem setting up my ldap client.

 The issue comes from trying to force authenticated queries. So I have
 set the following lines in my slapd.conf

 disallow        bind_anon
 require         authc

 on the client side I have added the following lines to my ldap.conf

 binddn cn=manager,dc=domain,dc=com
 bindpw {SSHA}<the hash>

A simple bind requires that the client has the *cleartext* password.

What documentation that you read made you believe you could use a hash?

Are you aware of what a hash is? The whole point of a hash is to be a one-way 
test. Allowing the "cleartext" has to be a password equivalent would defeat 
the purpose of the hash.

If you don't want cleartext, you can use a SASL method. But, the SASL methods 
still require a secret to be available on the client side ... (private key, 
Kerberos keytab etc.).

Regards,
Buchan

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Re: bindpw and SSHA