Return-Path: X-Original-To: apmail-directory-dev-archive@www.apache.org Delivered-To: apmail-directory-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 75940F1CA for ; Tue, 9 Apr 2013 13:26:42 +0000 (UTC) Received: (qmail 21687 invoked by uid 500); 9 Apr 2013 13:26:42 -0000 Delivered-To: apmail-directory-dev-archive@directory.apache.org Received: (qmail 21491 invoked by uid 500); 9 Apr 2013 13:26:41 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 21444 invoked by uid 99); 9 Apr 2013 13:26:40 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 09 Apr 2013 13:26:40 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of elecharny@gmail.com designates 209.85.215.180 as permitted sender) Received: from [209.85.215.180] (HELO mail-ea0-f180.google.com) (209.85.215.180) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 09 Apr 2013 13:26:33 +0000 Received: by mail-ea0-f180.google.com with SMTP id d10so2801635eaj.39 for ; Tue, 09 Apr 2013 06:26:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; bh=eXhukK/GQO6yL/hMcCib16ZGhWgGSCT1xBsg2Oa18FU=; b=oX28VUVMqvitlTZC1Gy/ps8vPGHoD28wE5Pxzg8tZ5Ny4vHDu5oO3sLYa2zpP1OKQi 4l8lXx6V22Mu6As5A5ZWgBPMSPlMclC3sgdd93HqeeoMvI1PlpEJ6yzmA1wKVnerkvY7 45yU2/m/doHYsx8ESeksnJ2fZ/4Zg3df0Q0UekcrxkPGF7fjGOXZt3yDis+V6q9c5X0z ahPrxO1xM+JtOVef5RjmM5Bw9AEwXLC+GQcXrrgDNtML48BvOzN2JYAFb6qKcNnBYkYG DGqPR2fLNiv7CPVsKkX6bjspnUQX/38lBkY+W+CyVsFxCNuoR6KNlpDBr0yJ2t5Ry9j+ zYig== X-Received: by 10.15.27.195 with SMTP id p43mr25164119eeu.8.1365513973257; Tue, 09 Apr 2013 06:26:13 -0700 (PDT) Received: from Emmanuels-MacBook-Pro.local (lon92-10-78-226-4-211.fbx.proxad.net. [78.226.4.211]) by mx.google.com with ESMTPS id b5sm6279757eew.16.2013.04.09.06.26.11 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 09 Apr 2013 06:26:12 -0700 (PDT) Message-ID: <516416F3.5040502@gmail.com> Date: Tue, 09 Apr 2013 15:26:11 +0200 From: =?UTF-8?B?RW1tYW51ZWwgTMOpY2hhcm55?= User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/20130328 Thunderbird/17.0.5 MIME-Version: 1.0 To: Apache Directory Developers List Subject: Re: SearchBaseDN, Kerberos, SASL and password hashing... References: <5162F0B8.7030602@gmail.com> <74C2DB88-F3FE-4E28-8266-5DA68FC6BF7E@marcelot.net> <516405D5.1010809@gmail.com> In-Reply-To: X-Enigmail-Version: 1.5.1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org Le 4/9/13 2:16 PM, Pierre-Arnaud Marcelot a écrit : > On 9 avr. 2013, at 14:13, Emmanuel Lécharny wrote: > >> ATM, here is what I suggest : >> - make the hash password interceptor use the kerberos SearchBaseDN > But what if we don't have a KDC server defined but still want passwords to be stored as hashed values and enabled the PasswordHashingInterceptor for that purpose? Anyway, there is a big problem : we don't have access to the KerberosServer instance nor to the LdapServer instance from the interceptor, so there is no way we can get the searchBaseDn... -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com