[email protected] wrote: > Full_Name: Daniel Pocock > Version: > OS: Debian > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (2001:1620:b22::2042) > > > There are a few protocols that use a HA1[1] password hash, such as HTTP > DIGEST[1], SIP DIGEST[2] and TURN[3] (which uses HMAC rather than DIGEST) > > Is there a standard LDAP attribute name for storing a HA1 value or > should it be stored in a regular userPassword attribute as described in > the manual[4]?
The ITS is not for usage questions. You already asked this and were answered on the discussion mailing list. http://www.openldap.org/lists/openldap-technical/201507/msg00073.html There is nothing here that requires any OpenLDAP development activity. It's all already handled by the SASL Digest mechanism, as I already noted in the above email. Closing this ITS. > I came across smbk5pwd for keeping SMB password attributes in sync. Is > there a similar facility for keeping HA1 passwords in sync when a user > changes the password or how could a developer go about adding that, > would the smbk5pwd source be a useful model? > > Discussed on the mailing list already[5] > > 1. http://tools.ietf.org/html/rfc2617#section-3 > 2. https://tools.ietf.org/html/rfc3261#cection-22.4 > 3. https://tools.ietf.org/html/rfc5389#section-15.4 > 4. http://www.openldap.org/doc/admin24/security.html#Password%20Storage > 5. http://www.openldap.org/lists/openldap-technical/201507/msg00039.html > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
