[ale] How LDAP works with authentication

Christopher Fowler cfowler at outpostsentinel.com
Wed Oct 12 18:23:24 EDT 2005


On Wed, 2005-10-12 at 17:38 -0400, Jason Day wrote:
> Here's a better question: Is the (arguably) better protection you get
> from sending an MD5 hash of a password vs. plain text over an SSL
> connection worth the added burden of adding the password hash to the
> user object *and* keeping the password hash in sync with the user's
> password?

How do you keep the user's password hashed without MD5?  I guess if you
want to store your users' passwords in plain-text in a file that is okay.
UNIX does not really like to store passwords in plain-text.  It prefers
one-way encryption.  If a user changes their password you simply encrypt
the new password and change the LDAP database.  The only reason I could
see to store a plain-text password is in case a user forgets their
password.  

Why would you store the plain-text version? 
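
An added example, not part of the original thread: how a hashed userPassword value can be built, checked, and replaced on a password change without ever storing the plain text. It assumes the RFC 2307 / OpenLDAP-style scheme prefixes ({MD5}, {SMD5}, {SHA}, {SSHA}); the `entry` dict and the function names are hypothetical stand-ins for a directory entry and its update logic.

```python
import base64
import hashlib
import hmac
import os

# scheme prefix -> (hash constructor, digest length in bytes, salted?)
SCHEMES = {
    "{MD5}": (hashlib.md5, 16, False),
    "{SMD5}": (hashlib.md5, 16, True),
    "{SHA}": (hashlib.sha1, 20, False),
    "{SSHA}": (hashlib.sha1, 20, True),
}


def make_user_password(password, scheme="{SSHA}", salt=None):
    """Return the string to store in the entry's userPassword attribute."""
    algo, _, salted = SCHEMES[scheme]
    if salted:
        salt = os.urandom(8) if salt is None else salt
    else:
        salt = b""
    digest = algo(password.encode("utf-8") + salt).digest()
    # Stored form is prefix + base64(digest || salt); the salt is not secret.
    return scheme + base64.b64encode(digest + salt).decode("ascii")


def check_user_password(stored, candidate):
    """Re-hash the candidate with the stored salt; compare in constant time."""
    scheme, sep, blob = stored.partition("}")
    scheme += sep
    if scheme not in SCHEMES:
        return False  # unknown scheme or a plain-text value: refuse it
    algo, dlen, _ = SCHEMES[scheme]
    raw = base64.b64decode(blob)
    digest, salt = raw[:dlen], raw[dlen:]
    computed = algo(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(computed, digest)


def change_password(entry, new_password):
    """Password change: only the new hash is written back to the entry."""
    entry["userPassword"] = make_user_password(new_password)
    return entry


if __name__ == "__main__":
    # Constructed sample entry, not taken from any real directory.
    user = {"uid": "jdoe", "userPassword": make_user_password("old-secret")}
    change_password(user, "new-secret")
    print(user["userPassword"])
```

With a salted scheme, two users who pick the same password get different stored values, which the unsalted {MD5} and {SHA} forms do not provide.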




