On Monday 05 November 2007 13:20:04 Zohar Lev Shani wrote: > I understand now why I cannot put hashed userPassword when I use SASL. But, > does it mean that the ONLY place where I can use hashed passwords for > authentication is the rootpw directive in slapd.conf, or, there are more > sensible use cases where it can be used?
Uh, well, if you want to use SASL mechanisms that require a shared secret, obviously: no. If you want to use simple binds, then you can use a hashed userPassword. If you want to use other SASL mechanisms that support encrypted keys, mutual 3rd-party authentication - then you're not going to use userPassword at all ... Regards, Buchan
