Quanah Gibson-Mount wrote:



I'm curious why you think only plain text passwords get stored in OpenLDAP. Have you actually read the documentation? Most people use hashes.


I don't think plain text is the only option. My wording was inaccurate in this respect.

I know that salted hashed offers good protection against off-line password guessing directory attacks, but this is lesser protection than what would be offered by genuine encryption with good key management.

I know that some protocol-side (challenge-response type) require in-memory access to plain text passwords, which cannot be recovered from hashed or salted hashed representations.

Regards,


--

- Thierry Moreau
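
The trade-off discussed in this message, as an added example that is not part of the original post or of OpenLDAP's code: a simple-bind style check works against a stored `{SSHA}` value, while a CRAM-MD5 (RFC 2195) style challenge-response check only succeeds when the server holds the plain text secret. The password, challenge string and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA}"

def ssha_hash(password: bytes, salt: bytes = None) -> str:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(stored: str, candidate: bytes) -> bool:
    """Simple-bind style check: the server needs only the salted hash."""
    if not stored.startswith(SCHEME):
        return False
    raw = base64.b64decode(stored[len(SCHEME):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, the rest is salt
    return hmac.compare_digest(digest, hashlib.sha1(candidate + salt).digest())

def cram_md5_response(secret: bytes, challenge: bytes) -> str:
    """Client side: hex HMAC-MD5 of the server challenge, keyed with the secret."""
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()

def cram_md5_check(server_secret: bytes, challenge: bytes, response: str) -> bool:
    """Server side: recompute the HMAC, which requires the same key the client used."""
    expected = cram_md5_response(server_secret, challenge)
    return hmac.compare_digest(expected, response)

def demo() -> dict:
    password = b"correct horse battery"            # constructed sample password
    challenge = b"<1896.697170952@ldap.example>"   # constructed server challenge
    stored_hash = ssha_hash(password)
    response = cram_md5_response(password, challenge)
    return {
        # Password sent to the server: the salted hash is enough to verify it.
        "bind_ok": ssha_verify(stored_hash, password),
        "bind_wrong_password": ssha_verify(stored_hash, b"wrong guess"),
        # Challenge-response: works only if the server kept the plain text.
        "cram_with_plaintext": cram_md5_check(password, challenge, response),
        "cram_with_hash_only": cram_md5_check(stored_hash.encode(), challenge, response),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
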

