directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "M. P." <>
Subject [ApacheDS] Bind with hashed password
Date Tue, 08 Dec 2015 11:09:09 GMT
Hi all,

I'm working for a new company for some months now and I have as a 
project to renew our directory server. The company uses ApacheDS 1.5.7 
and I have a question about it's behaviour.

We can bind to this apacheDS server providing plain passwords and also 
providing full userPassword fields when password are encrypted in the 
directory. I mean providing {enc_mecanism}hashed_password as a password.

This behaviour is very strange for me and in my point of view is a big 
security issue. What I want to know is how is it possible that you can 
bind providing hashed password ?

I ask because some apps here rely on this behaviour/issue and I want to 
know how I can reproduce it for compatibility reasons ? (that will be 
discarded later)

Thanks for your explanations.


M. P.

View raw message