directory-dev mailing list archives

From Alex Karasulu <akaras...@apache.org>
Subject Re: [ApacheDS] hashing passwords before storing
Date Sun, 31 Oct 2010 21:01:24 GMT
On Sun, Oct 31, 2010 at 9:49 AM, Kiran Ayyagari <kayyagari@apache.org> wrote:

>  hello dev,
>
>  Currently we don't have a feature to automatically hash the passwords before
>  storing them, I would like to propose that we should add this feature.
>
>  I would like to add a new interceptor to support this feature:
>
>   1. It is easy to enable/disable without adding some more config options
>       to DirectoryService
>

+1


>   2. We can place it at the appropriate position in the interceptor chain so that
>       changelog and journals will also have the same password as the DIT
>
>
+1


>  We currently support the following hashing algorithms
>        SHA, SSHA, MD5, SMD5, Crypt, SHA-2 (256, 384, 512 along with their
>        salted counterparts)
>
>
Should be sufficient.


>  Studio might need to change its 'password change' screen by adding an option
>  to send the plain text password though the original password is hashed.
>  (AFAIU currently studio hashes on the client side and sends)
>
>  thoughts?
>
>
Thanks for taking this on Kiran. Any bit of additional security is great. I
know you've thought through all the relevant implications this might have
with any other authentication mechanisms we have.

-- 
Alex Karasulu
My Blog :: http://www.jroller.com/akarasulu/
Apache Directory Server :: http://directory.apache.org
Apache MINA :: http://mina.apache.org
To set up a meeting with me: http://tungle.me/AlexKarasulu
