site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=ZbToMZ0QSGDoHpCibWq76xKZ3rLun60chOVoSd7jJY5WwW2l5LDHbcvRNKolkmsOJSX2/v28UgRBKReWDG/cRuA239ndzfo9Kzw9WM6DtD14hj4/3UQqrbRp8bxWtoHvH/jInc+w3wYW+7vLFCI+m1dYZu11j1yPcQpj27yDFGs= Well, I filed two bugs if anybody cares. <rdar://problem/4130011> <rdar://problem/4130013> -- Finlay On 5/20/05, Finlay Dobbie <finlay.dobbie@gmail.com> wrote:

In Tiger, it looks like loginwindow's authentication is using dsAuthMethodStandard:dsAuthNodeNativeCannotUseClearText rather than dsAuthMethodStandard:dsAuthNodeNativeCanUseClearText

However, the LDAPv3 plugin appears to only understand {crypt} and {SMD5} format passwords. Generally it is recommended that {SHA1} or {SSHA1} is used.

The manifestation of this is that you can't log in to the GUI whilst authenticating against an LDAP server whose user accounts have passwords stored in SHA-1 hashes, but you can log in using ssh (and possibly other stuff).

Have I missed something? If not, I'll file a bug :-)

-- Finlay

_______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... This email sent to site_archiver@lists.apple.com