Re: storing ldap passwords on HSM
Howard Chu wrote:
Michael Ströder wrote:
> 4. In case of SASL mechanisms which require 'userPassword' value(s) in clear
> you would have to implement a reversible encryption password storage schema in
> an OpenLDAP overlay and adapt some other layer/components to correctly use it.
The SASL SCRAM mechanism works without a plaintext userPassword.
Yes, but AFAIK not the current cyrus-sasl implementation.
Not to speak of lack of support by client implementations...
Ciao, Michael.
Attachments:
- smime.p7s (application/pkcs7-signature — 4.2 KB)