[ http://issues.apache.org/jira/browse/DIREVE-296?page=all ]
Stefan Zoerner reassigned DIREVE-296:
-------------------------------------
Assign To: Stefan Zoerner (was: Alex Karasulu)
> Storing user passwords other than in clear
> ------------------------------------------
>
> Key: DIREVE-296
> URL: http://issues.apache.org/jira/browse/DIREVE-296
> Project: Directory Server
> Type: New Feature
> Reporter: Stefan Zoerner
> Assignee: Stefan Zoerner
> Priority: Minor
>
> Because the admin user is allowed to see everything, I suggest to store the
> attribute values for user password other than in clear. I nice solution would
> be to make this configurable (other server products allow comparable
> functionality):
> * Configure a hash function to use for password storage (e.g. MD5, SSHA, ...)
> * Allow clients to store the value as a hashed value on their own as well
> (calculated with a function other than the configured one, if they like)
> * Enable simple bind with value in clear text (hash value calculated within
> the server and compared against the stored value)
> * Still allow clear passwords, because some authentication mechanisms need
> this (e.g. DIGEST-MD5)
> Hashed values does not add that much security, but at least is is harder for
> admin to catch a password and commit it to his/her memory.
> Some products even allow to encrypt the password (two-way), but I think the
> features above should do for the first run.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
