Return-Path: 
 <dev-return-42365-apmail-directory-dev-archive=directory.apache.org@directory.apache.org>
X-Original-To: apmail-directory-dev-archive@www.apache.org
Delivered-To: apmail-directory-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 7F7D9E29F
	for <apmail-directory-dev-archive@www.apache.org>;
 Sun, 10 Feb 2013 19:55:19 +0000 (UTC)
Received: (qmail 54024 invoked by uid 500); 10 Feb 2013 19:55:19 -0000
Delivered-To: apmail-directory-dev-archive@directory.apache.org
Received: (qmail 53992 invoked by uid 500); 10 Feb 2013 19:55:19 -0000
Mailing-List: contact dev-help@directory.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@directory.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@directory.apache.org>
List-Post: <mailto:dev@directory.apache.org>
List-Id: <dev.directory.apache.org>
Reply-To: "Apache Directory Developers List" <dev@directory.apache.org>
Delivered-To: mailing list dev@directory.apache.org
Received: (qmail 53985 invoked by uid 99); 10 Feb 2013 19:55:19 -0000
Received: from minotaur.apache.org (HELO minotaur.apache.org) (140.211.11.9)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 10 Feb 2013 19:55:19 +0000
Received: from localhost (HELO mail-ee0-f43.google.com) (127.0.0.1)
  (smtp-auth username elecharny, mechanism plain)
  by minotaur.apache.org (qpsmtpd/0.29) with ESMTP;
 Sun, 10 Feb 2013 19:55:19 +0000
Received: by mail-ee0-f43.google.com with SMTP id c50so2902074eek.2
        for <dev@directory.apache.org>; Sun, 10 Feb 2013 11:55:17 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.14.182.137 with SMTP id o9mr6458497eem.13.1360526117012;
 Sun, 10 Feb 2013 11:55:17 -0800 (PST)
Reply-To: elecharny@apache.org
Received: by 10.223.134.74 with HTTP; Sun, 10 Feb 2013 11:55:16 -0800 (PST)
Received: by 10.223.134.74 with HTTP; Sun, 10 Feb 2013 11:55:16 -0800 (PST)
In-Reply-To: <5117F4E2.1070909@symas.com>
References: <51177911.9050608@gmail.com>
	<5117F4E2.1070909@symas.com>
Date: Sun, 10 Feb 2013 20:55:16 +0100
Message-ID: 
 <CAG8=FRhZXV=x_kdBXqPNMHfWcVb_q8QMbQ43-urEiHqxn0uNVg@mail.gmail.com>
Subject: Re: Kerberos keys & passwords
From: Emmanuel Lecharny <elecharny@apache.org>
To: Apache Directory Developers List <dev@directory.apache.org>
Content-Type: multipart/alternative; boundary=047d7b343f60e985b704d5642b09

--047d7b343f60e985b704d5642b09
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Le 10 f=E9vr. 2013 20:28, "Howard Chu" <hyc@symas.com> a =E9crit :

> In OpenLDAP the multiple userPassword values are just different hashes of
the same plaintext. Does that approach work here ?

Well, if the values are all representing the same password, then we don't
have any problem. The question is much more about a user storing more than
one password. This is not explicitely forbidden, and we migth want to allow
that.

But we can also decide that we should only keep one single password (and
many values).

--047d7b343f60e985b704d5642b09
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<p><br>
Le 10 f=E9vr. 2013 20:28, &quot;Howard Chu&quot; &lt;<a href=3D"mailto:hyc@=
symas.com">hyc@symas.com</a>&gt; a =E9crit=A0:</p>
<p>&gt; In OpenLDAP the multiple userPassword values are just different has=
hes of the same plaintext. Does that approach work here ?</p>
<p>Well, if the values are all representing the same password, then we don&=
#39;t have any problem. The question is much more about a user storing more=
 than one password. This is not explicitely forbidden, and we migth want to=
 allow that.</p>

<p>But we can also decide that we should only keep one single password (and=
 many values).<br>
</p>

--047d7b343f60e985b704d5642b09--