directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <>
Subject Re: [ApacheDS] hashing passwords before storing
Date Sun, 31 Oct 2010 11:36:02 GMT
On 10/31/10 8:49 AM, Kiran Ayyagari wrote:
>    hello dev,
>    Currently we don't have a feature to automatically hash the passwords before
>    storing them, I would like to propose that we should add this feature.
>    I would like to add a new interceptor to support this feature:
>     1. It is easy to enable/disable without adding some more config options
>         to DirectoryService
>     2. We can place at the appropriate position in the interceptor chain so that
>         changelog and journals will also have the same password as the DIT
>    We currently support the following hashing algorithms
>          SHA, SSHA, MD5, SMD5, Crypt, SHA-2 (256, 384, 512 along with their
>          salted counterparts)
>    Studio might need to change its 'password change' screen by adding an option
>    to send the plain text password though the original password is hashed.
>    (AFAIU currently studio hashes on the client side and sends)
>   thoughts?
Go for it. I like the idea of having an interceptor to do that. We don't 
want to add some new element in he configuration, that's right !

Emmanuel L├ęcharny

View raw message