directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: [ApacheDS] Bind with hashed password
Date Tue, 08 Dec 2015 15:22:07 GMT
Le 08/12/15 15:48, M. P. a écrit :
>
>>
>> Hope you can explain that to your application developpers...
>
> I started to explain them that it should not be done the way it is
> done now. I can provide them a newer version of the directory, more
> secure, but like I said before, they use this behaviour/issue
> currently and if I want to migrate to a newer version, I have to
> provide them some compatibility possibility the time this is fixed in
> the app.
>
> This is the reason I ask here. Maybe apacheDS was working like this
> before, maybe this is a bug, I don't know what else ...

My personal bet : it was a bug in 1.5.7


> When searching for an explanation, I saw that there are interceptors
> in apacheDS and as a supposition, maybe playing with them allows
> apacheDS to accept these bindings.
That's a possibility. Have they added an interceptor, or a specific
authenticator ? Adding an authenticator that accepts such broken
passwords is a solution that would work.


Mime
View raw message