directory-users mailing list archives

From suresh ramamurthy <>
Subject Can we send SHA of password as the credential for LDAP authentication..
Date Sat, 16 Feb 2013 02:21:55 GMT

We have a requirement to not send clear text as the credential for LDAP bind operation.

So, we store the SHA of the password in the Apache DS LDAP server and we would like to send the SHA of the password from the client as the user credential for LDAP authentication. For example, we can set the password as {SHA}blah..blah...

Is it possible to configure Apache DS to ignore hash conversion of the input password and
just compare the password with LDAP DB?

I googled for a couple of days and I also looked in the Apache DS code and found that during the bind operation, the input password is hashed using the algorithm stored along with the password in the LDAP DB and then the result is compared.

Can anyone please shed light on this and let me know if we can send the SHA of the password from the client instead of the real password for LDAP authentication?
Also, is this a valid approach, or is sending the clear password from the client the only approach (assuming SSL is enabled)?

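An added example, not part of the original message and not ApacheDS code: a Python model of the bind-time check the message describes (hash the presented credential with the scheme named in the stored value, then compare), beside the hypothetical direct-comparison mode the message asks about. The function names and the sample password are assumptions, and the model covers only upper-case `{SHA}` and `{SSHA}` prefixes and cleartext.

```python
import base64
import hashlib
import hmac

def sha_value(password: bytes) -> bytes:
    """userPassword value in {SHA} form: prefix + base64(SHA-1 digest)."""
    return b"{SHA}" + base64.b64encode(hashlib.sha1(password).digest())

def ssha_value(password: bytes, salt: bytes) -> bytes:
    """Salted form: prefix + base64(SHA-1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)

def bind_check(stored: bytes, presented: bytes) -> bool:
    """Model of the check described in the message (not the server's code):
    hash the presented credential with the stored scheme, then compare."""
    if stored.startswith(b"{SHA}"):
        candidate = sha_value(presented)
    elif stored.startswith(b"{SSHA}"):
        raw = base64.b64decode(stored[len(b"{SSHA}"):])
        candidate = ssha_value(presented, raw[20:])  # salt follows the 20-byte digest
    else:
        candidate = presented  # value stored without a scheme prefix
    return hmac.compare_digest(stored, candidate)

def passthrough_check(stored: bytes, presented: bytes) -> bool:
    """Hypothetical mode asked about: compare the presented value as-is."""
    return hmac.compare_digest(stored, presented)

def demo() -> dict:
    password = b"password"                       # constructed sample value
    stored = sha_value(password)
    salted = ssha_value(password, b"\x01\x02\x03\x04")  # constructed salt
    return {
        # The real password binds against either stored form.
        "password_vs_sha": bind_check(stored, password),
        "password_vs_ssha": bind_check(salted, password),
        # A client-side hash is hashed again by the server and no longer matches.
        "client_hash_vs_sha": bind_check(stored, stored),
        # With direct comparison the stored attribute value alone is enough
        # to bind, so it becomes equivalent to the password itself.
        "client_hash_passthrough": passthrough_check(stored, stored),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```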