directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject [ApacheDS] hashing passwords before storing
Date Sun, 31 Oct 2010 07:49:21 GMT
  hello dev,

  Currently we don't have a feature to automatically hash the passwords before
  storing them, I would like to propose that we should add this feature.

  I would like to add a new interceptor to support this feature:

   1. It is easy to enable/disable without adding some more config options
       to DirectoryService
   2. We can place at the appropriate position in the interceptor chain so that
       changelog and journals will also have the same password as the DIT

  We currently support the following hashing algorithms
        SHA, SSHA, MD5, SMD5, Crypt, SHA-2 (256, 384, 512 along with their
        salted counterparts)

  Studio might need to change its 'password change' screen by adding an option
  to send the plain text password though the original password is hashed.
  (AFAIU currently studio hashes on the client side and sends)

 thoughts?
-- 
Kiran Ayyagari

Mime
View raw message