directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dmitry Smeliansky (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DIRSERVER-2179) Password hashing interceptor - password history entries are not hashed
Date Sun, 12 Feb 2017 10:10:41 GMT
Dmitry Smeliansky created DIRSERVER-2179:
--------------------------------------------

             Summary: Password hashing interceptor - password history entries are not hashed
                 Key: DIRSERVER-2179
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2179
             Project: Directory ApacheDS
          Issue Type: Bug
            Reporter: Dmitry Smeliansky


Hi.

In order to use the server-side password policy validation - we have to pass the passwords
as plaintext and not hashed by the client.

Password hashing interceptor hashes the passwords according to the configuration, BUT - the
new added pwdHistory entry will contain the plaintext value of the password.

Is there any way to have the password policy validation on the server and the  hashed password
to be saved in the history at the same time?

Thanks



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message