From: Michael S. <mi...@st...> - 2009-03-09 11:28:01
Jan-Frode Myklebust wrote:
> On 2009-03-09, Michael Ströder <mi...@st...> wrote:
>>> But, it occurred to me that I'm not fully sure what I'm doing
>>> when creating the SSHA1 hash,
>> If the password is usable afterwards there's nothing wrong with
>> client-side password hashing. The salt should be at least 4 bytes long.
>
> Still, I'm uncertain how f.ex. character encodings will/should be
> handled, so it seems safer to let the directory server handle both the
> hashing and verification.

For LDAPv3 you should pass UTF-8 to the python-ldap functions/methods or
before hashing the password. (In theory one has to use SASLprep before
the UTF-8 encoding but in most cases this is the same).

Ciao, Michael.
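
An added example, not part of the original message and not python-ldap code: client-side {SSHA} hashing as discussed in the thread, with the password encoded as UTF-8 before hashing and the 4-byte salt minimum enforced, plus a check showing that the same password hashed from Latin-1 bytes no longer verifies. The function names and the sample password are assumptions made for illustration; SASLprep is not applied.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20   # SHA-1 digest size in bytes
MIN_SALT = 4    # minimum salt length recommended in the message above


def ssha_from_bytes(pw_bytes, salt):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    if len(salt) < MIN_SALT:
        raise ValueError("salt should be at least %d bytes long" % MIN_SALT)
    digest = hashlib.sha1(pw_bytes + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def make_ssha(password, salt_len=8):
    """Hash a text password client-side, encoding it as UTF-8 first."""
    return ssha_from_bytes(password.encode("utf-8"), os.urandom(salt_len))


def split_ssha(stored):
    """Return (digest, salt) from a stored {SSHA} value."""
    if not stored.upper().startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[6:])
    if len(raw) < SHA1_LEN + MIN_SALT:
        raise ValueError("value too short for digest plus salt")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def check_ssha(password, stored):
    """Verify a text password, encoding it as UTF-8 as for LDAPv3."""
    digest, salt = split_ssha(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    pw = "p\u00e4ssword"                      # constructed sample password
    good = make_ssha(pw)
    # Same password hashed from Latin-1 bytes: a different byte string.
    bad = ssha_from_bytes(pw.encode("latin-1"), os.urandom(8))
    print(good, check_ssha(pw, good))         # verifies
    print(bad, check_ssha(pw, bad))           # does not verify
```

For pure-ASCII passwords the UTF-8 and Latin-1 encodings are byte-identical, which is why an encoding mismatch often goes unnoticed until a user picks a non-ASCII character.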