directory-users mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Can we send SHA of password as the credential for LDAP authentication..
Date Sat, 16 Feb 2013 06:30:17 GMT
On Sat, Feb 16, 2013 at 7:51 AM, suresh ramamurthy <suresh_renuram@yahoo.com> wrote:

> Hi..
>
> We have a requirement to not send clear text as the credential for LDAP
> bind operation.
>
> So, we store SHA of the password in the Apache DS LDAP server and we would
> like to send the SHA of the password from client as
> the user credential for LDAP authentication. For example, we can set the
> password as {SHA}blah..blah...
>
> Is it possible to configure Apache DS to ignore hash conversion of the
> input password and just compare the password with LDAP DB?
>
> I googled for a couple of days and I also looked in the Apache DS code and
> found that during bind operation, input password is hashed
> using the algorithm stored along with the password in LDAP DB and then the
> result is compared.
>
> Can anyone please shed light on this and let me know if we can send SHA
> of the password from client instead of the real password for LDAP
> authentication.
> Also, is this a valid approach, or is sending the clear password from the
> client the only approach (assuming SSL is enabled)?
>

This is not the correct way to perform a bind operation with the server; use
startTLS with a clear-text password.

> Thanks,
> Suresh




-- 
Kiran Ayyagari
http://keydap.com
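
Added example, not part of the original thread and not ApacheDS code: a small Python model of the bind check the question describes (hash the presented credential with the stored scheme, then compare), next to a hypothetical "skip hashing" mode. The function names and the sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac


def make_sha_value(password: str) -> str:
    """Build an LDAP {SHA} userPassword value: base64 of the SHA-1 digest."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def server_verify(stored: str, presented: str) -> bool:
    """Bind check as described in the thread: hash the presented credential
    with the scheme named in the stored value, then compare the results."""
    if not stored.startswith("{SHA}"):
        raise ValueError("only the {SHA} scheme is modelled here")
    candidate = make_sha_value(presented)
    return hmac.compare_digest(candidate.encode(), stored.encode())


def naive_direct_compare(stored: str, presented: str) -> bool:
    """Hypothetical mode the question asks for (an assumption, not a server
    feature): compare the presented value to the stored value unchanged."""
    return hmac.compare_digest(stored.encode(), presented.encode())


# Constructed sample data.
PASSWORD = "correct horse battery staple"
STORED = make_sha_value(PASSWORD)


def demo() -> dict:
    return {
        # Normal bind: the clear password hashes to the stored value.
        "clear_password_bind": server_verify(STORED, PASSWORD),
        # Sending the hash as the credential: the server hashes it again.
        "hash_sent_as_credential": server_verify(STORED, STORED),
        # Direct compare: the stored string itself is now the credential.
        "direct_compare_accepts_stored_value": naive_direct_compare(STORED, STORED),
        "direct_compare_accepts_password": naive_direct_compare(STORED, PASSWORD),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In the direct-compare mode the stored `{SHA}` string is password-equivalent, so anyone who can read the directory entry or the bind traffic holds a working credential; hashing on the client does not remove the need to protect the bind with startTLS.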
