From: <rg...@di...> - 2002-04-08 14:39:39
On Apr 8, 2:54pm, Chris Ridd wrote:
> Subject: Re: multi-valued userPassword attributes.
> Clif Harden <cl...@di...> wrote:
> >
> >
> > I have a question for the gurus of ldap.
> >
> > Does anyone use multi-valued userPasswords?
> > If multi-valued userPasswords are used could
> > they have different encryption tags; {crypt}, {SHA}, etc.
>
> The only real constraint the standards impose is that all values of an
> attribute must compare different for equality.
>
> Since the use of hashed password values is somewhat non-standard (they are
> only loosely defined in an informational RFC) it is really something you
> will need to ask your vendor about.

What about RFC 3112? Yes, asking the vendor, and then testing the heck out
of their product.

>
> Off the top of my head there are two ways a server could implement hashed
> password values:
>
> 1) by using special syntax handlers which were aware of the hashing
> mechanisms
>
> 2) by doing simple textual comparisons on the values
>
> For case 1) since it is impossible to compare two values using different
> hashing schemes (eg {sha}1234 and {crypt}1234) unless you know the
> plaintext values it is *probable* that your server will say these are
> different values and hence permit one userPassword attribute to contain
> multiple differently-hashed values.
>
> In case 2) you can probably see it is going to work just fine, except that
> some algorithms using salts (eg traditional Unix crypt) with the keys will
> produce different hashed strings for the same value at different times so
> some problems might arise.
>
> Cheers,
>
> Chris
>
>-- End of excerpt from Chris Ridd

--
Russell Biggs (Rusty)
Internet: r-...@ti...
6500 Chase Oaks Blvd, M/S 8412
Texas Instruments
Plano Tx 75023
Phone: (972) 575-0826
Fax: (972) 575-4853
Home Page: http://dirtest3.itg.ti.com/~rgb
Calendar: http://dirtest3.itg.ti.com/cgi-bin/synchronize.cgi?name=Russell+Biggs

"I sense much NT in you... NT leads to bluescreen... Bluescreen leads to
downtime... Downtime leads to suffering... NT is the path to the darkside..."
...Unknown UNIX Jedi
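
Added example, not part of the thread and not any directory server's code: a Python sketch of the two comparison approaches in the quoted reply, showing that one password can sit in a userPassword attribute as several textually distinct values. It assumes the `{SHA}` scheme plus the salted `{SSHA}` scheme as a stand-in for salted crypt; all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os

def make_sha(password):
    # Unsalted: the same password always yields the same string.
    return "{SHA}" + base64.b64encode(hashlib.sha1(password).digest()).decode()

def make_ssha(password, salt=None):
    # Salted: a fresh salt yields a different string on every call.
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify(password, stored):
    """Scheme-aware check of one stored value (case 1 in the reply)."""
    scheme, sep, body = stored.partition("}")
    if not (sep and scheme.startswith("{")):
        return hmac.compare_digest(password, stored.encode())  # untagged cleartext
    try:
        raw = base64.b64decode(body, validate=True)
    except ValueError:
        return False
    name = scheme[1:].upper()
    if name == "SHA" and len(raw) == 20:
        return hmac.compare_digest(hashlib.sha1(password).digest(), raw)
    if name == "SSHA" and len(raw) > 20:
        return hmac.compare_digest(hashlib.sha1(password + raw[20:]).digest(), raw[:20])
    return False  # unknown scheme or malformed value: fail closed

def textually_distinct(values):
    """Plain string comparison of the stored values (case 2 in the reply)."""
    return len(set(values)) == len(values)

def matching_values(password, values):
    """Stored values that a given password satisfies."""
    return [v for v in values if verify(password, v)]

if __name__ == "__main__":
    pw = b"constructed-sample-password"  # constructed sample input
    values = [make_sha(pw), make_ssha(pw), make_ssha(pw)]
    print(textually_distinct(values), len(matching_values(pw, values)))
```

Running `matching_values` over an entry's values is a quick audit for entries where a salted hash is undermined by an unsalted `{SHA}` value of the same password stored alongside it.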