On Tue, Apr 9, 2013 at 6:56 PM, Emmanuel Lécharny <[email protected]>wrote:
> Le 4/9/13 2:16 PM, Pierre-Arnaud Marcelot a écrit : > > On 9 avr. 2013, at 14:13, Emmanuel Lécharny <[email protected]> wrote: > > > >> ATM, here is what I suggest : > >> - make the hash password interceptor use the kerberos SearchBaseDN > > But what if we don't have a KDC server defined but still want passwords > to be stored as hashed values and enabled the PasswordHashingInterceptor > for that purpose? > > Anyway, there is a big problem : we don't have access to the > KerberosServer instance nor to the LdapServer instance from the > interceptor, so there is no way we can get the searchBaseDn... > > > let us not interfere with the searchBaseDn semantics instead add a config parameter(as mentioned in my earlier mail) in hashing interceptor to white list a set of containers that need to be excluded from the hashing operation. > -- > Regards, > Cordialement, > Emmanuel Lécharny > www.iktek.com > > -- Kiran Ayyagari http://keydap.com
