Commit ee82bba8 authored by Gavin Henry's avatar Gavin Henry
Browse files

Removed {CLEARTEXT} section and move {SSHA} to beginning.

parent 684a213f
......@@ -194,14 +194,15 @@ database.
The disadvantage of hashed storage is that it prevents the use of some
authentication mechanisms such as {{EX:DIGEST-MD5}}.
H3: CLEARTEXT password storage scheme
H3: SSHA password storage scheme
Cleartext passwords can be stored directly in the {{userPassword}}
attribute, or can have the '{CLEARTEXT}' prefix. These two values are
equivalent:
This is the salted version of the SHA scheme. It is believed to be the
most secure password storage scheme supported by {{slapd}}.
> userPassword: secret
> userPassword: {CLEARTEXT}secret
These values represent the same password:
> userPassword: {SSHA}DkMTwBl+a/3DQTxCYEApdUtNXGgdUac3
> userPassword: {SSHA}d0Q0626PSH9VUld7yWpR0k6BlpQmtczb
H3: CRYPT password storage scheme
......@@ -218,7 +219,6 @@ transferred to or from an existing Unix password file without having
to know the cleartext form. Both forms of {{crypt}} include salt so
they have some resistance to dictionary attacks.
Note: Since this scheme uses the operation system's {{crypt(3)}} hash function,
it is therefore operation system specific.
......@@ -251,16 +251,6 @@ of salt leaves the scheme exposed to dictionary attacks.
> userPassword: {SHA}5en6G6MezRroT3XKqkdPOmY/BfQ=
H3: SSHA password storage scheme
This is the salted version of the SHA scheme. It is believed to be the
most secure password storage scheme supported by {{slapd}}.
These values represent the same password:
> userPassword: {SSHA}DkMTwBl+a/3DQTxCYEApdUtNXGgdUac3
> userPassword: {SSHA}d0Q0626PSH9VUld7yWpR0k6BlpQmtczb
H3: SASL password storage scheme
This is not really a password storage scheme at all. It uses the
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment