[ https://issues.apache.org/jira/browse/DIRKRB-82?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13040605#comment-13040605 ]

Jeff Domeyer commented on DIRKRB-82:
------------------------------------

I also dislike logging passwords, so I removed that.

An example interceptors configuration:

<interceptors>
...
      <!--<passwordPolicyInterceptor/>-->
      <!--<keyDerivationInterceptor/>-->
      <s:bean class="org.apache.directory.server.core.kerberos.ConfigurableKeyDerivationInterceptor">
        <s:property name="encryptUserPassword" value="SSHA" />
      </s:bean>
...

> Kerberos Requires Plain Text Password
> -------------------------------------
>
>                 Key: DIRKRB-82
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-82
>             Project: Directory Kerberos
>          Issue Type: New Feature
>    Affects Versions: 2.5.0
>         Environment: All Environments
>            Reporter: Jeff Domeyer
>            Assignee: Emmanuel Lecharny
>            Priority: Minor
>         Attachments: ConfigurableKeyDerivationInterceptor.java
>
>
> I would imagine a lot of people dislike storing passwords in LDAP in plain 
> text, and unfortunately the client application is producing the 
> hashed/encrypted password to be stored in LDAP, so when the Kerberos 
> interceptor comes along, it can only use plain text passwords to calculate 
> the Kerberos keys.
> I created a subclass of KeyDerivationInterceptor, that when configured, will 
> replace the plain text password with a hash of your choice.
> (Looks like I can't attach here, will try attaching after creation of issue).

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
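
The ordering described in the issue above (derive Kerberos key material from the plain-text password first, then replace the stored userPassword with a hash such as SSHA), as an added Python sketch that is not the attached ConfigurableKeyDerivationInterceptor or any ApacheDS code. `on_password_write`, the entry dict and the `kerberosKeyMaterial` field are hypothetical, and only the PBKDF2 stage of the RFC 3962 AES string-to-key is computed.

```python
import base64
import hashlib
import hmac
import os
import re
from typing import Optional

SCHEME_PREFIX = re.compile(rb"^\{[A-Za-z0-9-]+\}")  # e.g. {SSHA}, {SHA}, {CRYPT}


def ssha(password: bytes, salt: Optional[bytes] = None) -> bytes:
    """LDAP {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return b"{SSHA}" + base64.b64encode(digest + salt)


def ssha_verify(stored: bytes, candidate: bytes) -> bool:
    """Check a candidate password against a stored {SSHA} value."""
    if not stored.startswith(b"{SSHA}"):
        return False
    raw = base64.b64decode(stored[len(b"{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
    expected = hashlib.sha1(candidate + salt).digest()
    return hmac.compare_digest(expected, digest)


def pbkdf2_stage(password: bytes, realm: str, principal: str) -> bytes:
    """PBKDF2-HMAC-SHA1 stage of the RFC 3962 AES-128 string-to-key.
    Salt is realm + principal name, 4096 iterations; the final DK step is omitted."""
    salt = (realm + principal).encode()
    return hashlib.pbkdf2_hmac("sha1", password, salt, 4096, 16)


def on_password_write(entry: dict, realm: str, principal: str) -> dict:
    """Hypothetical write hook: keys first, then store only the hash."""
    plaintext = entry["userPassword"]
    if SCHEME_PREFIX.match(plaintext):
        # The client hashed the value already, so no Kerberos key can be derived.
        raise ValueError("userPassword is already hashed; plain text is required")
    out = dict(entry)
    out["kerberosKeyMaterial"] = pbkdf2_stage(plaintext, realm, principal)
    out["userPassword"] = ssha(plaintext)  # the plain text is not stored
    return out


# Constructed sample entry, not taken from the issue.
SAMPLE = {"uid": b"hnelson", "userPassword": b"s3cret-example"}
```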
