Please post your follow-ups on the mailing list so others can respond and learn as well.
Suneet Shah wrote:
> So if I create a user and then set the password on an existing user then, the password-hash attribute will work? And I can send the password to OpenLDAP in clear text?
Yes.
Also note the other poster's hint about using slapo-ppolicy and ppolicy_hash_cleartext if you're allowed to configure the server.
> I am curious - if the client hashes the password, in my case it would be my java program, how will openldap use that hashed password during authentication?
> Wouldn't both (openldap and my java program) need to have the salt used for hashing? And in this case, only my java program would have that salt.
The salt is part of the userPassword value. See more information in OpenLDAP's FAQ-O-MATIC:
http://www.openldap.org/faq/data/cache/419.html
Ciao, Michael.
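
The point about the salt living inside the userPassword value, as an added example that is not part of the original thread: an {SSHA} value is base64(SHA1(password + salt) + salt), so whoever verifies the password recovers the salt from the stored value itself. The function names, the 8-byte salt length and the sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

SHA1_LEN = 20  # a SHA-1 digest is always 20 bytes; the rest of the blob is the salt


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Build a {SSHA} userPassword value: base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # assumption: 8 random bytes; the format allows other lengths
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(value: str) -> Tuple[bytes, bytes]:
    """Return (digest, salt) recovered from a stored {SSHA} value."""
    scheme, _, b64 = value.partition("}")
    if scheme.upper() != "{SSHA":
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(b64, validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("value carries no salt")
    # The first 20 bytes are the digest, everything after them is the salt.
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def ssha_verify(password: str, stored: str) -> bool:
    """Re-hash the candidate password with the salt taken from the stored value."""
    digest, salt = split_ssha(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    stored = ssha_hash("s3cret-example")  # constructed sample password
    print(stored)
    print(ssha_verify("s3cret-example", stored), ssha_verify("wrong", stored))
```

A client that hashes this way can write the resulting string to userPassword, and the salt never needs to be shared separately.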
Thanks Michael
2012/4/4 Michael Ströder michael@stroeder.com
> Please post your follow-ups on the mailing list so others can respond and learn as well.
> Suneet Shah wrote:
> > So if I create a user and then set the password on an existing user then, the password-hash attribute will work? And I can send the password to OpenLDAP in clear text?
> Yes.
> Also note the other poster's hint about using slapo-ppolicy and ppolicy_hash_cleartext if you're allowed to configure the server.
> > I am curious - if the client hashes the password, in my case it would be my java program, how will openldap use that hashed password during authentication?
> > Wouldn't both (openldap and my java program) need to have the salt used for hashing? And in this case, only my java program would have that salt.
> The salt is part of the userPassword value. See more information in OpenLDAP's FAQ-O-MATIC:
> http://www.openldap.org/faq/data/cache/419.html
> Ciao, Michael.
Hello, I added the following attribute to my slapd.conf and it does not store the passwords in a hashed form. I am using a java program to set the userPassword attribute after a user has been created.
password-hash {SSHA}
Is there anything that I need to configure to enable this?
Thanks for your help, Suneet
Suneet Shah wrote:
> I added the following attribute to my slapd.conf and it does not store the passwords in a hashed form. I am using a java program to set the userPassword attribute after a user has been created.
> password-hash {SSHA}
As said [1] this configuration directive only affects the Password Modify extended operation and therefore you might also wanna use ppolicy_hash_cleartext.
Ciao, Michael.
[1] Follow the responses from here: http://www.openldap.org/lists/openldap-technical/201204/msg00043.html
openldap-technical@openldap.org