Date: Sun, 31 Oct 2010 13:19:21 +0530
Subject: [ApacheDS] hashing passwords before storing
From: Kiran Ayyagari
To: Apache Directory Developers List

hello dev,

Currently we don't have a feature to automatically hash the passwords before storing them. I would like to propose that we should add this feature.

I would like to add a new interceptor to support this feature:

1. It is easy to enable/disable without adding some more config options to DirectoryService
2. We can place it at the appropriate position in the interceptor chain so that changelog and journals will also have the same password as the DIT

We currently support the following hashing algorithms: SHA, SSHA, MD5, SMD5, Crypt, SHA-2 (256, 384, 512 along with their salted counterparts)

Studio might need to change its 'password change' screen by adding an option to send the plain text password though the original password is hashed. (AFAIU currently Studio hashes on the client side and sends)

thoughts?

--
Kiran Ayyagari
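
The hash-before-store step proposed above, sketched as an added example; it is not part of the original message and not ApacheDS code. It shows the case the Studio remark raises: a value the client already hashed must pass through unchanged, while plaintext is salted and hashed on write. The function names, the 8-byte salt and the scheme tag spellings are assumptions.

```python
import base64
import hashlib
import hmac
import os
import re

# Scheme tag -> (hashlib algorithm, salted?). Tag spellings are assumptions.
SCHEMES = {"SHA": ("sha1", False), "SSHA": ("sha1", True),
           "SSHA256": ("sha256", True)}
TAGGED = re.compile(rb"^\{([A-Za-z0-9]+)\}(.+)$", re.S)


def parse(value):
    """Return (scheme, base64 payload) if value carries a known tag, else None."""
    m = TAGGED.match(value)
    if m and m.group(1).decode().upper() in SCHEMES:
        return m.group(1).decode().upper(), m.group(2)
    return None


def hash_password(plain, scheme="SSHA", salt=None):
    algo, salted = SCHEMES[scheme]
    if not salted:
        salt = b""
    elif salt is None:
        salt = os.urandom(8)  # fresh random salt per stored password
    digest = hashlib.new(algo, plain + salt).digest()
    # Stored form: {SCHEME}base64(digest || salt)
    return b"{" + scheme.encode() + b"}" + base64.b64encode(digest + salt)


def prepare_for_storage(value, scheme="SSHA"):
    # Hash on write, but pass through a value the client already hashed.
    # Limitation: a plaintext that itself starts with a known tag looks
    # like a hash and is stored unchanged.
    return value if parse(value) else hash_password(value, scheme)


def verify(plain, stored):
    parsed = parse(stored)
    if parsed is None:
        return False
    algo, _ = SCHEMES[parsed[0]]
    try:
        raw = base64.b64decode(parsed[1], validate=True)
    except ValueError:
        return False
    size = hashlib.new(algo).digest_size
    expected = hashlib.new(algo, plain + raw[size:]).digest()
    return hmac.compare_digest(raw[:size], expected)
```

Running the same function on every write path, before the changelog and journal see the value, is what keeps all three stores holding the identical hashed form.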