[ http://issues.apache.org/jira/browse/DIREVE-296?page=comments#action_12362359 ]

Alex Karasulu commented on DIREVE-296:
--------------------------------------

Sounds great Stefan.  Congrats on your first feature addition to the server.  
This is exactly what we're looking for in 1.0.  Just not to have passwords in 
the clear stored in the repo is a big plus.  I'll be looking to play with this 
feature within a little bit.  Thanks!!!

> Storing user passwords other than in clear
> ------------------------------------------
>
>          Key: DIREVE-296
>          URL: http://issues.apache.org/jira/browse/DIREVE-296
>      Project: Directory Server
>         Type: New Feature
>     Reporter: Stefan Zoerner
>     Assignee: Stefan Zoerner
>     Priority: Blocker
>
> Because the admin user is allowed to see everything, I suggest to store the 
> attribute values for user password other than in clear. A nice solution would 
> be to make this configurable (other server products allow comparable 
> functionality):
> * Configure a hash function to use for password storage (e.g. MD5, SSHA, ...)
> * Allow clients to store the value as a hashed value on their own as well 
> (calculated with a function other than the configured one, if they like)
> * Enable simple bind with value in clear text (hash value calculated within 
> the server and compared against the stored value)
> * Still allow clear passwords, because some authentication mechanisms need 
> this (e.g. DIGEST-MD5)
> Hashed values do not add that much security, but at least it is harder for 
> admin to catch a password and commit it to his/her memory.
> Some products even allow to encrypt the password (two-way), but I think the 
> features above should do for the first run.

-- 
This message is automatically generated by JIRA.