The userPassword attribute type [RFC2256] is intended to be used to support the LDAP [RFC2251] "simple" bind operation. However, values of userPassword must be clear text passwords. It is often desirable to store values derived from the user's password(s) instead of actual passwords. The authPassword attribute type is intended to be used to store information used to implement simple password based authentication.
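
The idea of storing a derived value rather than the password, as an added example that is not part of the RFC text quoted here. It assumes the `scheme $ authInfo $ authValue` layout and the salted MD5/SHA1 schemes (digest of password followed by salt, salt of at least 64 bits) defined elsewhere in RFC 3112; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os
import re
from typing import Optional

# Assumed layout: scheme, authInfo (base64 salt) and authValue (base64 digest),
# separated by "$" with optional spaces around each separator.
_SYNTAX = re.compile(r"([A-Z0-9./_-]+) *\$ *([^ $]*) *\$ *([^ $]*)")
_DIGESTS = {"MD5": hashlib.md5, "SHA1": hashlib.sha1}


def make_auth_password(password: bytes, scheme: str = "SHA1",
                       salt: Optional[bytes] = None) -> str:
    """Derive a storable value; the clear text password is never kept."""
    if scheme not in _DIGESTS:
        raise ValueError("unsupported scheme")
    salt = os.urandom(16) if salt is None else salt
    if len(salt) < 8:
        raise ValueError("salt must be at least 64 bits")
    digest = _DIGESTS[scheme](password + salt).digest()
    return "{} $ {} $ {}".format(
        scheme,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_auth_password(stored: str, presented: bytes) -> bool:
    """Check a presented password against a stored derived value."""
    match = _SYNTAX.fullmatch(stored)
    if match is None or match.group(1) not in _DIGESTS:
        return False  # malformed value or a scheme this code does not know
    scheme, info, value = match.groups()
    try:
        salt = base64.b64decode(info, validate=True)
        expected = base64.b64decode(value, validate=True)
    except ValueError:
        return False  # authInfo or authValue is not valid base64
    actual = _DIGESTS[scheme](presented + salt).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(actual, expected)
```

The stored string is still sufficient for offline guessing of the password, which is why the RFC recommends protecting it as if it were clear text.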
RFC 3112 LDAP Authentication Password Schema May 2001
hash algorithm/implementation is flawed), the hashing of passwords is intended to be as an additional layer of protection. It is RECOMMENDED that hashed values be protected as if they were clear text passwords.
This attribute may be used in conjunction with server side password generation mechanisms (such as the LDAP Password Modify ...
tools.ietf.org