This is a little off-the-cuff, but could you rewrite blank passwords coming in to something that you could keep in your database as representing "blank"? Or is rewrite back-end?
On 1/9/06, Howard Chu <[EMAIL PROTECTED]> wrote: > Emmanuel Dreyfus wrote: > > Max Williams <[EMAIL PROTECTED]> wrote: > > > > > >> Does anyone know a work around or some way of allowing clients to > >> authenticate > >> with blank passwords? > >> > > > > Write a shell backend that only do the authentication? > > > > > That won't work; Binds with empty password are processed by the frontend. > > You'll just have to hack the existing code in bind.c to allow what you > want. From a security perspective, what you want is an extremely bad > idea. I don't think you'll convince anybody to make it a standard feature. > > -- > -- Howard Chu > Chief Architect, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc > OpenLDAP Core Team http://www.openldap.org/project/ > >
