5 Jun
2008
5 Jun
'08
10:55 a.m.
Buchan Milne wrote:
Except by brute-forcing, no.
If you think logically about this, you will realise that this should be impossible.
Yes I pretty much figured both answers, was just making sure I didn't overlook something.
The best option here is to change the default password hashing method (see the 'password-hash' directive for slapd.conf), and force password changes (if done via an LDAP password change extended operation, slapd will take care of hashing the password correctly).
How would I force a password change? Currently authentication through LDAP (using pam) is done mainly for email and ssh to a lesser extent.
Regards, Jeroen