Hi Stefan,

Thanks for chiming in with the additional info.  It might come in handy for
what Enrique is working on.

Alex

On 3/6/07, Stefan Zoerner <[EMAIL PROTECTED]> wrote:

Alex Karasulu wrote:
> Stefan Zoerner last year hooked up a way to use digested passwords in the
> userPassword field I think.  I wonder if there could be issues with SASL and
> this mechanism if the password value in the entry is already really a digest
> rather than the password itself in plain text.  Just wanted to mention a
> potential problem here.  I guess you can just check if {SHA1} {MD5} prefixes
> are present in the password value before performing the test.  If it is then
> if the digest algol matches then just compare the supplied value with the
> digest values stored.

You are right, Alex. The feature is described (from a user's point of
view) here:

http://directory.apache.org/apacheds/1.0/31-authentication-options.html

But the server does not digest passwords on his own account, the user
(or his tools) has to calculate the value and transmit it. I still plan
to write a simple interceptor as an example for the docs, which exactly
does this, but this is another story.

Digesting userPassword values in conjunction with SASL DIGEST won't
work, we should clarify this in the documentation.

Greetings from Hamburg,
     Stefan
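
Added example, not part of the original thread and not ApacheDS code: a sketch of the prefix check suggested above for simple binds, next to the RFC 2831 DIGEST-MD5 response computation, showing why a stored digest cannot serve SASL DIGEST. Function names and sample values are hypothetical; scheme names follow RFC 2307, with `SHA1` accepted as an alias because the thread writes `{SHA1}`.

```python
import base64
import hashlib
import hmac
import re

# RFC 2307 scheme names; "SHA1" is an assumed alias because the thread writes {SHA1}.
SCHEMES = {"SHA": hashlib.sha1, "SHA1": hashlib.sha1, "MD5": hashlib.md5}
PREFIX = re.compile(rb"^\{([A-Za-z0-9]+)\}(.+)$", re.S)

def split_stored(stored: bytes):
    """Return (hash_constructor, digest_bytes), or (None, stored) for a plaintext value."""
    m = PREFIX.match(stored)
    if m and m.group(1).decode().upper() in SCHEMES:
        return SCHEMES[m.group(1).decode().upper()], base64.b64decode(m.group(2))
    return None, stored

def simple_bind_ok(stored: bytes, supplied: bytes) -> bool:
    """Simple bind: digest the supplied password with the stored scheme, then compare."""
    algo, value = split_stored(stored)
    candidate = algo(supplied).digest() if algo else supplied
    return hmac.compare_digest(candidate, value)

def digest_md5_response(user, realm, secret: bytes, nonce, cnonce, nc, uri, qop="auth"):
    """RFC 2831 response value (no authzid); `secret` must be the cleartext password."""
    a1 = hashlib.md5(f"{user}:{realm}:".encode() + secret).digest() + f":{nonce}:{cnonce}".encode()
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(f"AUTHENTICATE:{uri}".encode()).hexdigest()
    return hashlib.md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode()).hexdigest()

def sasl_digest_ok(stored: bytes, client_response: str, **params) -> bool:
    """Server side of DIGEST-MD5: only possible when the entry holds the plaintext."""
    algo, value = split_stored(stored)
    if algo is not None:
        # A {SHA}/{MD5} value cannot be turned back into MD5(user:realm:password).
        return False
    return hmac.compare_digest(digest_md5_response(secret=value, **params), client_response)

# Constructed sample values, not taken from the thread.
PARAMS = dict(user="hnelson", realm="example.com", nonce="n0nce", cnonce="cn0nce",
              nc="00000001", uri="ldap/ldap.example.com")
PLAIN = b"secret"
DIGESTED = b"{SHA}" + base64.b64encode(hashlib.sha1(PLAIN).digest())
CLIENT_RESPONSE = digest_md5_response(secret=PLAIN, **PARAMS)
```

With the same password, the simple bind succeeds against both the plaintext and the `{SHA}` entry, while the DIGEST-MD5 check can only succeed against the plaintext entry.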

