Commit 68aebc05 authored by Kurt Zeilenga

Clean up hash password scheme stuff

parent 11a07153
...@@ -439,25 +439,25 @@ and ...@@ -439,25 +439,25 @@ and
.BR {CLEARTEXT} . .BR {CLEARTEXT} .
The default is The default is
.BR {SSHA} . .BR {SSHA} .
.TP
.B {SHA} .B {SHA}
and and
.B {SSHA} .B {SSHA}
use the SHA-1 algorithm (FIPS 160-1), the latter with a seed. use the SHA-1 algorithm (FIPS 160-1), the latter with a seed.
.TP
.B {MD5} .B {MD5}
and and
.B {SMD5} .B {SMD5}
use the MD5 algorithm (RFC 1321), the latter with a seed. use the MD5 algorithm (RFC 1321), the latter with a seed.
.TP
.B {CRYPT} .B {CRYPT}
uses the uses the
.BR crypt (3). .BR crypt (3).
.TP
.B {CLEARTEXT} .B {CLEARTEXT}
indicates that the new password should be indicates that the new password should be
added to userPassword as clear text. added to userPassword as clear text.
.TP
Note that this option does not alter the normal user applications Note that this option does not alter the normal user applications
handling of userPassword during LDAP Add, Modify, or other LDAP operations. handling of userPassword during LDAP Add, Modify, or other LDAP operations.
.TP .TP
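Review bot: the `.TP` inserted before "Note that this option does not alter the normal user applications" is the wrong macro: `.TP` takes the next input line as the hanging tag, so that first line of the sentence would be rendered as a tag in the indent and the second line as its body. Start that plain paragraph with `.LP` (or `.PP`) instead, and keep `.TP` only in front of the `.B {SCHEME}` tag lines, where the new ones are correct. Two wording problems in the unchanged lines are worth fixing while this block is being touched: SHA-1 is specified in FIPS PUB 180-1, not "FIPS 160-1", and "the latter with a seed" should say "salt", the usual term for the random value stored with an {SSHA} or {SMD5} hash; "user applications handling" also wants an apostrophe ("user applications' handling").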
......
...@@ -29,7 +29,7 @@ configuration directive. ...@@ -29,7 +29,7 @@ configuration directive.
enable verbose mode. enable verbose mode.
.TP .TP
.B \-u .B \-u
Generate RFC2307 userPassword values (the default). Future Generate RFC 2307 userPassword values (the default). Future
versions of this program may generate alternative syntaxes versions of this program may generate alternative syntaxes
by default. This option is provided for forward compatibility. by default. This option is provided for forward compatibility.
.TP .TP
...@@ -38,7 +38,7 @@ The secret to hash. If not provided, the user will be prompted ...@@ -38,7 +38,7 @@ The secret to hash. If not provided, the user will be prompted
for the secret to hash. for the secret to hash.
.TP .TP
.BI \-h " scheme" .BI \-h " scheme"
If -h is specified, one of the following RFC2307 schemes may If -h is specified, one of the following RFC 2307 schemes may
be specified: be specified:
.IR {CRYPT} , .IR {CRYPT} ,
.IR {MD5} , .IR {MD5} ,
...@@ -47,21 +47,21 @@ be specified: ...@@ -47,21 +47,21 @@ be specified:
.IR {SHA} . .IR {SHA} .
The default is The default is
.IR {SSHA} . .IR {SSHA} .
.TP
.B {SHA} .B {SHA}
and and
.B {SSHA} .B {SSHA}
use the SHA-1 algorithm (FIPS 160-1), the latter with a seed. use the SHA-1 algorithm (FIPS 160-1), the latter with a seed.
.TP
.B {MD5} .B {MD5}
and and
.B {SMD5} .B {SMD5}
use the MD5 algorithm (RFC 1321), the latter with a seed. use the MD5 algorithm (RFC 1321), the latter with a seed.
.TP
.B {CRYPT} .B {CRYPT}
uses the uses the
.BR crypt (3). .BR crypt (3).
.TP
.B {CLEARTEXT} .B {CLEARTEXT}
indicates that the new password should be added to userPassword as indicates that the new password should be added to userPassword as
clear text. clear text.
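Review bot: the same two corrections apply here as in the earlier hunk that describes the schemes: "FIPS 160-1" should be "FIPS 180-1" and "seed" should be "salt". Since both man pages now carry an identical scheme list, consider keeping the text of the two copies byte-for-byte the same (this copy breaks the {CLEARTEXT} sentence differently from the other) so that future corrections do not have to be made twice.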
...@@ -81,9 +81,11 @@ versions of crypt(3) to use an MD5 algorithm and provides ...@@ -81,9 +81,11 @@ versions of crypt(3) to use an MD5 algorithm and provides
provides 31 characters of salt. provides 31 characters of salt.
.SH LIMITATIONS .SH LIMITATIONS
The practice storing hashed passwords in userPassword violates The practice storing hashed passwords in userPassword violates
Standard Track (RFC2256) schema specifications and may hinder Standard Track (RFC 2256) schema specifications and may hinder
interoperability. A new attribute type to hold hashed interoperability. A new attribute type, authPassword, to hold
passwords is needed. hashed passwords has been defined (RFC 3112), but is not yet
implemented in
.BR slapd (8).
.SH "SECURITY CONSIDERATIONS" .SH "SECURITY CONSIDERATIONS"
Use of hashed passwords does not protect passwords during Use of hashed passwords does not protect passwords during
protocol transfer. TLS or other eavesdropping protections protocol transfer. TLS or other eavesdropping protections
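Review bot: the rewritten LIMITATIONS paragraph keeps two slips from the old text: "The practice storing" should read "The practice of storing", and "Standard Track" should be "Standards Track". The new wording is better than the old (it points the reader at a defined attribute type rather than claiming one is still needed), but "has been defined (RFC 3112), but is not yet implemented in slapd(8)" is a status statement that will go stale; either plan to revise this line when authPassword support lands, or phrase it as "is defined in RFC 3112" and leave implementation status to the release notes.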
...@@ -95,6 +97,9 @@ were clear text passwords. ...@@ -95,6 +97,9 @@ were clear text passwords.
.BR ldapmodify (1), .BR ldapmodify (1),
.BR slapd (8) .BR slapd (8)
.BR slapd.conf (5) .BR slapd.conf (5)
.B RFC 2307
.B RFC 2256
.B RFC 3112
.LP .LP
"OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/) "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/)
.SH ACKNOWLEDGEMENTS .SH ACKNOWLEDGEMENTS
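Review bot: the three new `.B RFC ...` lines in SEE ALSO carry no separators, and the context line `.BR slapd (8)` above them already lacks the trailing comma that `.BR ldapmodify (1),` has, so troff will run "slapd(8) slapd.conf(5) RFC 2307 RFC 2256 RFC 3112" together on one line. Add commas so the list reads as a list, e.g. `.BR slapd (8),` / `.BR slapd.conf (5),` / `.B "RFC 2307,"` (and likewise for RFC 2256), leaving the last item bare; listing the RFCs in numeric order (2256, 2307, 3112) would also match the usual convention.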
......