Markus Moeller wrote:
> I know that other methods are better and Kerberos is my preferred
> option. Unfortunately I still need to support applications for which I
> don't have the source and I can't get the vendor to change it. I
> addition I am bound to Microsoft's AD use of unixuserpassword which is
> synchronized with the Kerberos password.
>
> I appreciate that you check for ldap RFC compliance (which is not really
> the case as it is now) but I still would prefer the ability to overwrite
> the behavior and let the application decide if it is OK or not. Also as
> there are many possible encryption algorithm why does the code require
> {crypt} ?
Exactly because there are many possible password hashing algorithms.
Only those that are prefixed {crypt} are dealt with on the client side
by using the crypt(3C) library call. All others are dealt with on the
LDAP server.
> Markus
>
> BTW it works fine on other platforms (e.g. Linux)
I assuming using OpenLDAP right ?
Please give an example of one of these hashes that "works fine".
--
Darren J Moffat
_______________________________________________
opensolaris-code mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
