[ale] How LDAP works with authentication
Christopher Fowler
cfowler at outpostsentinel.com
Wed Oct 12 18:23:24 EDT 2005
On Wed, 2005-10-12 at 17:38 -0400, Jason Day wrote:
> Here's a better question: Is the (arguably) better protection you get
> from sending an MD5 hash of a password vs. plain text over an SSL
> connection worth the added burden of adding the password hash to the
> user object *and* keeping the password hash in sync with the user's
> password?
How do you keep the user's password hashed without MD5? I guess if you
want to store your users' passwords in plain-text in a file, that is okay.
UNIX does not really like to store passwords in plain-text. It prefers
one-way encryption. If a user changes their password you simply encrypt
the new password and change the LDAP database. The only reason I could
see to store a plain-text password is in case a user forgets their
password.
Why would you store the plain-text version?
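
The password-change flow described in the message above, as an added example that is not part of the original post or of any LDAP server's code. It goes beyond the MD5 case in the thread by also showing the salted `{SSHA}` userPassword format; the `directory` dict, the DN and the function names are assumptions standing in for a real LDAP database.

```python
import base64
import hashlib
import hmac
import os

def hash_md5(password):
    """Unsalted {MD5} userPassword value (RFC 2307 style)."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")

def hash_ssha(password, salt=None):
    """Salted {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def verify(password, stored):
    """Re-hash the candidate and compare; the plaintext is never stored."""
    if stored.startswith("{MD5}"):
        return hmac.compare_digest(hash_md5(password), stored)
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        salt = raw[20:]  # SHA-1 digest is 20 bytes, the rest is the salt
        return hmac.compare_digest(hash_ssha(password, salt), stored)
    return False  # unknown scheme, including a bare plaintext value

def change_password(directory, dn, new_password):
    """Password change: hash the new password and overwrite the attribute."""
    directory[dn] = {"userPassword": hash_ssha(new_password)}

# Constructed sample data: a dict stands in for the LDAP database.
ALICE_DN = "uid=alice,ou=people,dc=example,dc=com"
directory = {}
change_password(directory, ALICE_DN, "old-secret")
change_password(directory, ALICE_DN, "new-secret")

if __name__ == "__main__":
    stored = directory[ALICE_DN]["userPassword"]
    print("stored value:", stored)
    print("new password verifies:", verify("new-secret", stored))
    print("old password verifies:", verify("old-secret", stored))
    # Unsalted MD5 gives identical values for identical passwords.
    print("MD5 repeatable:", hash_md5("same") == hash_md5("same"))
    print("SSHA repeatable:", hash_ssha("same") == hash_ssha("same"))
```
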