Re: LDAP, DirectoryService and loginwindow in Tiger
- Subject: Re: LDAP, DirectoryService and loginwindow in Tiger
- From: Michael Bartosh <email@hidden>
- Date: Fri, 27 May 2005 20:21:02 -0600
On May 20, 2005, at 3:12 PM, Finlay Dobbie wrote:
> The manifestation of this is that you can't log in to the GUI whilst
> authenticating against an LDAP server whose user accounts have
> passwords stored in SHA-1 hashes, but you can log in using ssh (and
> possibly other stuff).

Don't map the password attribute in the LDAPv3 Plug-in.
DirectoryService will perform an LDAP bind to authenticate the user. iirc
it will do a CRAM-MD5 bind if the server is capable. If I were you I'd
disable clear-text binds. Or use SSL. At any rate giving the OS
access to the hashes is a bad idea, since someone could brute force
them.
-mb
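
An added example, not part of the original message: a small Python audit of an LDIF export, taken with the same bind identity the client uses, that reports which entries expose `userPassword` and in what form. It assumes RFC 2307 style `{SHA}` / `{SSHA}` values; the sample entries and the names `classify` and `audit` are constructed for illustration.

```python
import base64
import hashlib
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)

def classify(value):
    """Classify one userPassword value by its RFC 2307 style {SCHEME} prefix."""
    m = SCHEME_RE.match(value)
    if not m:
        return "cleartext"
    scheme, body = m.group(1).upper(), m.group(2)
    if scheme not in ("SHA", "SSHA"):
        return "other:" + scheme
    try:
        raw = base64.b64decode(body, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "malformed"
    if scheme == "SHA" and len(raw) == 20:
        return "unsalted-sha1"  # bare 20-byte digest, no salt
    if scheme == "SSHA" and len(raw) > 20:
        return "salted-sha1"    # 20-byte digest followed by the salt
    return "malformed"

def audit(ldif):
    """Map each DN to how its password is exposed to whoever can read this LDIF."""
    report = {}
    for block in re.split(r"\n\s*\n", ldif.strip()):
        dn, finding = None, "not-exposed"
        for line in block.replace("\n ", "").splitlines():  # unfold LDIF lines
            name, _, rest = line.partition(":")
            if name.lower() == "dn":
                dn = rest.strip()
            elif name.lower() == "userpassword":  # "::" marks a base64 value
                value = (base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
                         if rest.startswith(":") else rest.strip())
                finding = classify(value)
        if dn:
            report[dn] = finding
    return report

# Constructed sample entries (not from the original thread).
_b64 = lambda data: base64.b64encode(data).decode()
_SHA = "{SHA}" + _b64(hashlib.sha1(b"constructed-pw").digest())
_SSHA = "{SSHA}" + _b64(hashlib.sha1(b"constructed-pw" + b"salt").digest() + b"salt")
SAMPLE_LDIF = (
    "dn: uid=alice,dc=example,dc=com\nuserPassword:: " + _b64(_SHA.encode()) + "\n\n"
    "dn: uid=bob,dc=example,dc=com\nuserPassword: " + _SSHA + "\n\n"
    "dn: uid=carol,dc=example,dc=com\nuid: carol\n")
if __name__ == "__main__": print(audit(SAMPLE_LDIF))
```

With the password attribute unmapped and unreadable, as the message recommends, every entry should come back as `not-exposed`.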