Intergrate Heimdal's hdb-ldap and Samba
Howard Chu
hyc at highlandsun.com
Sun Feb 29 06:11:44 GMT 2004
> -----Original Message-----
> From: owner-heimdal-discuss at sics.se
> [mailto:owner-heimdal-discuss at sics.se]On Behalf Of Andrew Bartlett
> One thing we probably should allow (but probably not encourage) is
> putting plaintext passwords into LDAP, so that Samba, Heimdal,
> Cyrus-SASL, HTTP-Digest and the rest can all use the exact same
> password, without the multiple-hashes problem. Then each program can
> hash it as required.
We have a patch for OpenLDAP to let default_passwd_hash take a list of hash
schemes instead of just one. Then whenever using the PasswordModify exop, all
of the hashes will be generated from the provided plaintext password. This
will allow multiple hashes to be maintained without actually needing to store
the plaintext. This patch will be in OpenLDAP's CVS HEAD soon. We also have a
{KRB5KEY} hash so that Heimdal can have its keys maintained automatically by
slapd. Of course Cyrus SASL still uses the plaintext...
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
More information about the samba-technical
mailing list