directory-dev mailing list archives

From "Alex Karasulu (JIRA)" <>
Subject [jira] Resolved: (DIREVE-296) Storing user passwords other than in clear
Date Tue, 17 Jan 2006 17:14:43 GMT
Alex Karasulu resolved DIREVE-296:

    Fix Version: 0.9.4
     Resolution: Fixed

Thanks Stefan, I will create the new issue for the missing parts of this.  Please elaborate
on that issue.

> Storing user passwords other than in clear
> ------------------------------------------
>          Key: DIREVE-296
>          URL:
>      Project: Directory Server
>         Type: New Feature
>     Reporter: Stefan Zoerner
>     Assignee: Stefan Zoerner
>     Priority: Blocker
>      Fix For: 0.9.4

> Because the admin user is allowed to see everything, I suggest to store the attribute values for user password other than in clear. A nice solution would be to make this configurable (other server products allow comparable functionality):
> * Configure a hash function to use for password storage (e.g. MD5, SSHA, ...)
> * Allow clients to store the value as a hashed value on their own as well (calculated with a function other than the configured one, if they like)
> * Enable simple bind with value in clear text (hash value calculated within the server and compared against the stored value)
> * Still allow clear passwords, because some authentication mechanisms need this (e.g.
> Hashed values do not add that much security, but at least it is harder for admin to catch a password and commit it to his/her memory.
> Some products even allow to encrypt the password (two-way), but I think the features above should do for the first run.

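The storage and simple-bind comparison described in the request above, as an added example (not part of the original message and not the Directory Server's own code). It assumes the common `{SCHEME}base64` userPassword convention, with the salt appended to the digest for salted schemes; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

# Assumption: stored values use the common "{SCHEME}base64(digest [+ salt])"
# userPassword convention; a value without a "{...}" prefix is clear text.
DIGESTS = {"MD5": ("md5", False), "SHA": ("sha1", False),
           "SMD5": ("md5", True), "SSHA": ("sha1", True)}


def hash_password(password: bytes, scheme: str = "SSHA", salt: bytes = None) -> bytes:
    """Build the value to store for `password` under the configured scheme."""
    algo, salted = DIGESTS[scheme.upper()]
    # Unsalted schemes ignore any salt; salted ones get a fresh random salt.
    salt = (os.urandom(8) if salt is None else salt) if salted else b""
    digest = hashlib.new(algo, password + salt).digest()
    return b"{" + scheme.upper().encode() + b"}" + base64.b64encode(digest + salt)


def simple_bind_matches(presented: bytes, stored: bytes) -> bool:
    """Compare a clear-text bind password against a stored userPassword value."""
    if not (stored.startswith(b"{") and b"}" in stored):
        # Clear-text value, still allowed for mechanisms that need it.
        return hmac.compare_digest(presented, stored)
    name, payload = stored[1:].split(b"}", 1)
    # The scheme comes from the stored value, not from the server setting,
    # so values hashed by a client with another function still verify.
    entry = DIGESTS.get(name.decode("ascii", "replace").upper())
    if entry is None:
        return False  # unknown scheme: never fall back to a literal compare
    algo, salted = entry
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:
        return False  # malformed base64
    size = hashlib.new(algo).digest_size
    if len(raw) < size or (not salted and len(raw) != size):
        return False
    digest, salt = raw[:size], raw[size:]
    candidate = hashlib.new(algo, presented + salt).digest()
    return hmac.compare_digest(candidate, digest)
```

Because the presented value is always hashed before comparison, sending the stored `{SSHA}...` string itself as the bind password does not authenticate.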