martin: server/kolab/kolab slapd.conf.template,1.9,1.10
cvs at intevation.de
cvs at intevation.de
Fri Nov 28 03:01:06 CET 2003
Author: martin
Update of /kolabrepository/server/kolab/kolab
In directory doto:/tmp/cvs-serv20773
Modified Files:
slapd.conf.template
Log Message:
Martin Konold: Introduce sha1 encoded passwords instead of plain cleartext passwords in the LDAP db.
Fixes: administrators and maintainers can see the users passwords in cleartext
Fixes: users can see their own password in cleartext
Fixes: cleartext password visible in source of html when modifying user account
Please note that no user could ever see another users password and anonymous users can not see any passwords.
Last but not least OpenLDAP acl protecting the password field seems to work OK and all network traffic with passwords was always secured by SSL/TLS.
Please help us testing this new feature and report success / failure
Index: slapd.conf.template
===================================================================
RCS file: /kolabrepository/server/kolab/kolab/slapd.conf.template,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- slapd.conf.template 25 Oct 2003 07:44:00 -0000 1.9
+++ slapd.conf.template 28 Nov 2003 02:01:04 -0000 1.10
@@ -26,6 +26,8 @@
loglevel 0
+password-hash {sha}
+
database ldbm
suffix "@@@base_dn@@@"
directory @@@kolab_prefix@@@/var/openldap/openldap-data
More information about the commits
mailing list