directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: SearchBaseDN, Kerberos, SASL and password hashing...
Date Tue, 09 Apr 2013 16:32:39 GMT
On Tue, Apr 9, 2013 at 6:56 PM, Emmanuel Lécharny <elecharny@gmail.com>wrote:

> Le 4/9/13 2:16 PM, Pierre-Arnaud Marcelot a écrit :
> > On 9 avr. 2013, at 14:13, Emmanuel Lécharny <elecharny@gmail.com> wrote:
> >
> >> ATM, here is what I suggest :
> >> - make the hash password interceptor use the kerberos SearchBaseDN
> > But what if we don't have a KDC server defined but still want passwords
> to be stored as hashed values and enabled the PasswordHashingInterceptor
> for that purpose?
>
> Anyway, there is a big problem : we don't have access to the
> KerberosServer instance nor to the LdapServer instance from the
> interceptor, so there is no way we can get the searchBaseDn...
>
>
> let us not interfere with the searchBaseDn semantics instead add a config
parameter(as mentioned in my earlier mail)
in hashing interceptor to white list a set of containers that need to be
excluded from the hashing operation.


> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>
>


-- 
Kiran Ayyagari
http://keydap.com

Mime
View raw message