Alex Karasulu wrote:
Stefan Zoerner last year hooked up a way to use digested passwords in the
userPassword field I think. I wonder if there could be issues with SASL and
this mechanism if the password value in the entry is already really a digest
rather than the password itself in plain text. Just wanted to mention a
potential problem here. I guess you can just check if {SHA1} {MD5} prefixes
are present in the password value before performing the test. If they are,
then if the digest algorithm matches, just compare the supplied value with
the digest values stored.

You are right, Alex. The feature is described (from a user's point of view) here:

http://directory.apache.org/apacheds/1.0/31-authentication-options.html

But the server does not digest passwords on its own account; the user (or his tools) has to calculate the value and transmit it. I still plan to write a simple interceptor as an example for the docs, which does exactly this, but this is another story.

Digesting userPassword values in conjunction with SASL DIGEST won't work; we should clarify this in the documentation.

Greetings from Hamburg,
    Stefan
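
An added example, not part of the original messages and not ApacheDS code: it contrasts the prefix check suggested for simple binds with the shared secret DIGEST-MD5 needs (RFC 2831), showing why a digested userPassword cannot serve the latter. The function names, the sample user, realm and password, and the accepted scheme spellings are assumptions.

```python
import base64, hashlib, hmac, re

# Scheme names are an assumption: RFC 2307 spells it {SHA}; the thread writes {SHA1}.
SCHEMES = {"SHA": "sha1", "SHA1": "sha1", "MD5": "md5"}
PREFIX = re.compile(rb"^\{([A-Za-z0-9]+)\}(.+)$", re.S)

def parse_user_password(stored: bytes):
    """Return (hash_name, digest) for a digested value, else (None, plaintext)."""
    m = PREFIX.match(stored)
    scheme = m.group(1).decode().upper() if m else None
    if scheme in SCHEMES:
        return SCHEMES[scheme], base64.b64decode(m.group(2))
    return None, stored

def simple_bind_ok(stored: bytes, supplied: bytes) -> bool:
    """Simple bind: the server sees the password, so it can hash and compare."""
    algo, value = parse_user_password(stored)
    candidate = hashlib.new(algo, supplied).digest() if algo else supplied
    return hmac.compare_digest(candidate, value)

def digest_md5_secret(user: str, realm: str, password: bytes) -> bytes:
    """RFC 2831 shared secret: MD5(username ":" realm ":" password)."""
    return hashlib.md5(f"{user}:{realm}:".encode() + password).digest()

def digest_md5_secrets_match(stored: bytes, user: str, realm: str,
                             client_password: bytes) -> bool:
    """Compare what the server can derive from the entry with the client's secret."""
    _, server_material = parse_user_password(stored)
    return hmac.compare_digest(
        digest_md5_secret(user, realm, server_material),
        digest_md5_secret(user, realm, client_password))

if __name__ == "__main__":
    pw = b"secret"  # constructed sample values
    digested = b"{SHA}" + base64.b64encode(hashlib.sha1(pw).digest())
    for label, stored in (("plaintext", pw), ("digested", digested)):
        print(label, "simple bind:", simple_bind_ok(stored, pw),
              "DIGEST-MD5:", digest_md5_secrets_match(stored, "alex", "example.com", pw))
```

With a digested entry the simple bind still succeeds, but the server's derived DIGEST-MD5 secret differs from the client's because the cleartext password is no longer recoverable from the stored value.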
