[ http://issues.apache.org/jira/browse/DIREVE-296?page=comments#action_12362722 ]

Stefan Zoerner commented on DIREVE-296:
---------------------------------------

How about closing this issue (hence it is a blocker) and creating a new wish, 
which only contains the missing functionality? 
The latter is only one of the original four list items from this issue missing: 
To configure an optional password message digest algorithm which is applied on 
userPassword attribute values at add and modify operations.

> Storing user passwords other than in clear
> ------------------------------------------
>
>          Key: DIREVE-296
>          URL: http://issues.apache.org/jira/browse/DIREVE-296
>      Project: Directory Server
>         Type: New Feature
>     Reporter: Stefan Zoerner
>     Assignee: Stefan Zoerner
>     Priority: Blocker

>
> Because the admin user is allowed to see everything, I suggest to store the 
> attribute values for user password other than in clear. A nice solution would 
> be to make this configurable (other server products allow comparable 
> functionality):
> * Configure a hash function to use for password storage (e.g. MD5, SSHA, ...)
> * Allow clients to store the value as a hashed value on their own as well 
> (calculated with a function other than the configured one, if they like)
> * Enable simple bind with value in clear text (hash value calculated within 
> the server and compared against the stored value)
> * Still allow clear passwords, because some authentication mechanisms need 
> this (e.g. DIGEST-MD5)
> Hashed values do not add that much security, but at least it is harder for 
> admin to catch a password and commit it to his/her memory.
> Some products even allow to encrypt the password (two-way), but I think the 
> features above should do for the first run.

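The storage and bind behaviour discussed in this message, as an added Python example that is not Apache Directory Server code and not part of the original thread. The function names are hypothetical, and the value layout `{SCHEME}base64(digest + salt)` is an assumption taken from the common LDAP convention for userPassword, which the issue itself does not spell out.

```python
import base64
import hashlib
import hmac
import os

# Scheme name -> (hashlib algorithm, digest length in bytes, salted?)
SCHEMES = {"MD5": ("md5", 16, False), "SHA": ("sha1", 20, False),
           "SMD5": ("md5", 16, True), "SSHA": ("sha1", 20, True)}

def hash_password(password, scheme, salt=None):
    """Build a userPassword value: b'{SCHEME}' + base64(digest + salt)."""
    algo, _, salted = SCHEMES[scheme.upper()]
    if not salted:
        salt = b""
    elif salt is None:
        salt = os.urandom(8)  # fresh random salt per stored value
    digest = hashlib.new(algo, password + salt).digest()
    return b"{" + scheme.upper().encode() + b"}" + base64.b64encode(digest + salt)

def split_scheme(value):
    """Return (SCHEME, payload), or (None, value) when there is no {scheme} prefix."""
    if value.startswith(b"{") and b"}" in value:
        name, payload = value[1:].split(b"}", 1)
        return name.decode("ascii", "replace").upper(), payload
    return None, value

def on_add_or_modify(value, configured_scheme=None):
    """Server side: apply the configured digest to an incoming userPassword value."""
    scheme, _ = split_scheme(value)
    if scheme is not None or configured_scheme is None:
        return value  # hashed by the client already, or clear storage is configured
    return hash_password(value, configured_scheme)

def verify_bind(stored, presented):
    """Simple bind: hash the clear-text bind password the way `stored` was hashed."""
    scheme, payload = split_scheme(stored)
    if scheme is None:  # stored in clear (kept for mechanisms such as DIGEST-MD5)
        return hmac.compare_digest(stored, presented)
    if scheme not in SCHEMES:
        return False  # unknown scheme: never fall back to a clear-text compare
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return False
    algo, digest_len, salted = SCHEMES[scheme]
    digest, salt = raw[:digest_len], raw[digest_len:]
    if len(digest) != digest_len or (salt and not salted):
        return False
    return hmac.compare_digest(hashlib.new(algo, presented + salt).digest(), digest)
```

Because the scheme is read from the stored value rather than from configuration, values hashed by clients with a different function than the configured one still verify at bind time.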