directory-users mailing list archives

From suresh ramamurthy <suresh_renu...@yahoo.com>
Subject Re: Can we send SHA of password as the credential for LDAP authentication..
Date Mon, 18 Feb 2013 19:39:28 GMT
Hi Kiran,

Thank you very much for your response....

--Suresh


________________________________
 From: Kiran Ayyagari <kayyagari@apache.org>
To: users@directory.apache.org; suresh ramamurthy <suresh_renuram@yahoo.com> 
Sent: Friday, February 15, 2013 10:30 PM
Subject: Re: Can we send SHA of password as the credential for LDAP authentication..
 




On Sat, Feb 16, 2013 at 7:51 AM, suresh ramamurthy <suresh_renuram@yahoo.com> wrote:

>Hi..
>
>We have a requirement to not send clear text as the credential for LDAP bind operation.
>
>So, we store SHA of the password in the Apache DS LDAP server and we would like to send the SHA of the password from client as
>the user credential for LDAP authentication. For example, we can set the password as {SHA}blah..blah...
>
>Is it possible to configure Apache DS to ignore hash conversion of the input password and just compare the password with LDAP DB?
>
>I googled for a couple of days and I also looked in the Apache DS code and found that during bind operation, input password is hashed
>using the algorithm stored along with the password in LDAP DB and then the result is compared.
>
>Can anyone please shed light on this and let me know if we can send SHA of the password from client instead of the real password for LDAP authentication.
>Also, is this a valid approach or sending clear password from client is the only approach (assuming SSL is enabled..)
>
>

This is not the correct way to perform a bind operation with the server; use startTLS with a clear text password.

>Thanks,
>Suresh


-- 
Kiran Ayyagari
http://keydap.com 
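
The bind-time check described in the thread (the server hashes the presented credential with the scheme stored in userPassword, then compares) can be sketched as below. This is an added example, not ApacheDS code and not part of the original messages; the function names and sample password are constructed, the {SSHA} handling goes beyond the {SHA} case in the question, and `hypothetical_direct_compare` models the "skip the hashing" configuration that was asked about, not any real server option.

```python
import base64
import hashlib
import hmac

def make_user_password(password: bytes, salt: bytes = b"") -> str:
    """Build an RFC 2307-style userPassword value: {SHA}, or {SSHA} when salted."""
    digest = hashlib.sha1(password + salt).digest()
    scheme = "{SSHA}" if salt else "{SHA}"
    return scheme + base64.b64encode(digest + salt).decode("ascii")

def verify_simple_bind(stored: str, presented: bytes) -> bool:
    """Hash the presented credential with the stored scheme, then compare."""
    scheme, _, b64 = stored.partition("}")
    scheme = scheme.lstrip("{").upper()
    if scheme not in ("SHA", "SSHA"):
        raise ValueError("scheme not covered by this sketch: " + scheme)
    raw = base64.b64decode(b64)
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
    candidate = hashlib.sha1(presented + salt).digest()
    return hmac.compare_digest(candidate, digest)

def hypothetical_direct_compare(stored: str, presented: bytes) -> bool:
    """Assumed behaviour if the server skipped hashing and compared as-is."""
    return hmac.compare_digest(stored.encode("ascii"), presented)

def demo() -> dict:
    password = b"constructed-example-password"  # constructed sample value
    stored = make_user_password(password)
    raw_digest = hashlib.sha1(password).digest()
    return {
        # Normal simple bind: clear text (sent over startTLS) matches.
        "clear_text_bind": verify_simple_bind(stored, password),
        # Client sends the stored "{SHA}..." string: it is hashed again, no match.
        "stored_value_as_credential": verify_simple_bind(stored, stored.encode()),
        # Client sends the raw SHA-1 digest: also hashed again, no match.
        "raw_digest_as_credential": verify_simple_bind(stored, raw_digest),
        # With hashing skipped, the stored value itself is the password, so
        # read access to userPassword would be enough to bind as the user.
        "direct_compare_accepts_stored_value":
            hypothetical_direct_compare(stored, stored.encode()),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
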