On Tue, 17 Aug 2004, Elliot F. wrote: > LDAP could use cram-md5, you would just have to store the passwords in > plaintext in the directory.
Our LDAP database for site-wide user authentication is an LDAP for NDS server on some Netware box. So I don't think that option is open for us :( Looks like digest-md5 may be helpful, but on first glance I would have to make some real time to code that. I *think* that this may be possible with stunnel or the like, but that is currently under investigation. > It's easy, if that is what you would want > to do. Sun/iPlanet DS 5 has some nice facilities for specifying the > password encryption scheme, so as to apply plaintext encryption on > subtrees. By default, it stores the clear text password in base64, btw. > All you would need after that is an ACI that allows a certain DN to read > the password. The question is whether you would want the directory to > store passwords in clear text. > > If your directory is already initialized, then yes, that would be a > problem. Cheers. > > Elliot F. > > -- Mark Powell - UNIX System Administrator - The University of Salford Information Services Division, Clifford Whitworth Building, Salford University, Manchester, M5 4WT, UK. Tel: +44 161 295 4837 Fax: +44 161 295 5888 www.pgp.com for PGP key
