martin: server/kolab/kolab slapd.conf.template,1.9,1.10

cvs at intevation.de cvs at intevation.de
Fri Nov 28 03:01:06 CET 2003


Author: martin

Update of /kolabrepository/server/kolab/kolab
In directory doto:/tmp/cvs-serv20773

Modified Files:
	slapd.conf.template 
Log Message:
Martin Konold: Introduce sha1 encoded passwords instead of plain cleartext passwords in the LDAP db.
Fixes: administrators and maintainers can see the users' passwords in cleartext
Fixes: users can see their own password in cleartext
Fixes: cleartext password visible in source of HTML when modifying user account

Please note that no user could ever see another user's password and anonymous users cannot see any passwords.
Last but not least, the OpenLDAP ACL protecting the password field seems to work OK and all network traffic with passwords was always secured by SSL/TLS.

Please help us test this new feature and report success / failure


Index: slapd.conf.template
===================================================================
RCS file: /kolabrepository/server/kolab/kolab/slapd.conf.template,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- slapd.conf.template	25 Oct 2003 07:44:00 -0000	1.9
+++ slapd.conf.template	28 Nov 2003 02:01:04 -0000	1.10
@@ -26,6 +26,8 @@
 
 loglevel	0
 
+password-hash   {sha}
+
 database	ldbm
 suffix		"@@@base_dn@@@"
 directory	@@@kolab_prefix@@@/var/openldap/openldap-data
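Review bot: the added `password-hash   {sha}` line selects unsalted SHA-1, so identical passwords produce identical userPassword values and a leaked directory can be checked against precomputed tables; `password-hash {SSHA}` (salted, and slapd's default when the directive is absent) is the better choice here and costs nothing extra. Two things are also worth documenting alongside this change. First, per slapd.conf(5) this directive only governs values generated by the LDAP Password Modify extended operation, so a userPassword written through an ordinary add or modify is stored as sent; the log message mentions the HTML account form, so please confirm that code path hashes the value itself or uses the extended operation. Second, the directive does not convert entries that already hold cleartext passwords, so existing accounts stay in cleartext until each password is set again; a migration step or a note for administrators would close that gap.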




