Hi all,

I have been working for a new company for some months now, and my project is to renew our directory server. The company uses ApacheDS 1.5.7 and I have a question about its behaviour.

We can bind to this ApacheDS server by providing plain passwords, and also by providing full userPassword fields when passwords are encrypted in the directory. I mean providing {enc_mechanism}hashed_password as a password.

This behaviour is very strange to me and, from my point of view, is a big security issue. What I want to know is: how is it possible that you can bind by providing a hashed password?

I ask because some apps here rely on this behaviour/issue, and I want to know how I can reproduce it for compatibility reasons? (That will be discarded later.)

Thanks for your explanations.

--
------------

M. P.
