On Nov 23, 2013, at 12:10 PM, Dieter Klünter <[email protected]> wrote:
> It is not that simple.
> RFC-2307 describes hashing schemes, but not {CLEARTEXT}, man
> slapd.conf(5) mentions {CLEARTEXT} as password-hash.
> http://tools.ietf.org/id/draft-stroeder-hashed-userpassword-values-01.html
> only refers to hashed userpassword values.
> DIGEST-MD5 is a SASL mechanism which requires a cleartext password,
> thus a hashing scheme of {CLEARTEXT} is valid for a SASL mechanism.
I consider this a bug.
{CLEARTEXT} was introduced as a means for configuring the server for
userPassword values with no hash scheme (e.g., cleartext); it's not expected to
appear in userPassword.
-- Kurt