Re: storing ldap passwords on HSM
Michael Ströder wrote:
4. In case of SASL mechanisms which require 'userPassword'
value(s) in clear
you would have to implement a reversible encryption password storage schema in
an OpenLDAP overlay and adapt some other layer/components to correctly use it.
The SASL SCRAM mechanism works without a plaintext userPassword.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/