Re: PHP: issues managing the password, what is wrong?
Hello,
Alberto Moreno wrote:
...
My current problem is with the password, I have found small app that
wants to compare the input of the password vs the ldap password this
will let us identify the user.
As Dieter already said, wrong. Authenticate directly with provided
credentials, or use "proxy" user to search for uid resp. DN, then try to
authenticate against it with provided credentials.
Well searching aroun, I found the crypt function but there is a
thing that I don't like it:
"The standard DES-based encryption crypt() returns the salt as the
first two characters of the output. It also only uses the first eight
characters of str , so longer strings that start with the same eight
characters will generate the same result (when the same salt is used)"
How can I deal with this note: 8 characters only?
I believe this is broken, or obsolete. I'm using Perl port of Unix
crypt() function, and it works just fine for "any" password lengths.
8 characters limitation sounds like - history :)
Zdenek
--
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla(a)turnovfree.net
jabber: stybla(a)jabber.turnovfree.net