Quoting Darin Perusich <[email protected]>:

> Most LDAP servers will hash a plain text password to whatever storage
> scheme you've defined for your password policies so I'm not even sure
> this is necessary. Also by setting hashed values and not having the
> directory service hash them it cannot evaluate said password against the
> password policy to ensure it meets whatever you've defined for length,
> complexity, etc, so the policies are bypassed.

We use OpenLDAP, and if I choose PLAIN in LAM the password is really stored as plain, so I guess it would need a schema adjustment :-(

On the other hand, we have no need to enforce password policy at directory level but let the application handle this and transfer the password already hashed to prevent leaking by accident. So I guess we have to stick with SSHA for LAM and let the user change their password in the webmail system, which is able to do crypt-sha512.

Thanks

Andreas

_______________________________________________
Lam-public mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/lam-public
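
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not LAM or OpenLDAP code: it builds and verifies an OpenLDAP-style `{SSHA}` value, classifies `userPassword` values by storage scheme so cleartext entries can be found in an audit, and shows why a directory cannot check length or complexity on a value that arrives already hashed. The function names and the sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import re

def make_ssha(password, salt=None):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def verify_ssha(password, stored):
    """Check a candidate password against a stored {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def classify(value):
    """Name the storage scheme of a userPassword value."""
    m = re.match(r"^\{([A-Za-z0-9-]+)\}(.*)$", value, re.S)
    if m is None:
        return "cleartext"  # no {scheme} prefix: stored as typed
    scheme, rest = m.group(1).upper(), m.group(2)
    if scheme == "CLEARTEXT":
        return "cleartext"
    if scheme == "CRYPT" and rest.startswith("$6$"):
        return "crypt-sha512"
    return scheme.lower()

def server_can_check_quality(submitted):
    """Length/complexity rules can only be evaluated on a cleartext value."""
    return classify(submitted) == "cleartext"

def audit(entries):
    """Return the DNs whose userPassword is stored in cleartext."""
    return [dn for dn, value in entries.items() if classify(value) == "cleartext"]

# Constructed sample entries, not taken from any real directory.
SAMPLE = {
    "uid=alice,ou=people,dc=example,dc=org": make_ssha("correct horse"),
    "uid=bob,ou=people,dc=example,dc=org": "hunter2",
    "uid=carol,ou=people,dc=example,dc=org": "{CRYPT}$6$constructedsalt$constructedhash",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```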
