mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-03-07 14:18:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

Remove meantion of authPassword from slappasswd(8) for 2.0.

Browse Source 
Use -u scheme (in line with future code).
Need to trim authPassword from release schema code/confs.
This commit is contained in:
Kurt Zeilenga 2000-08-25 07:42:11 +00:00
parent 6f63134b26
commit be654e45f1
2 changed files with 9 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
doc/man/man8/slappasswd.8
View File

@ -6,16 +6,15 @@
slappasswd \- OpenLDAP password utility
.SH SYNOPSIS
.B SBINDIR/slappasswd
.B [\-u]
.B [\-v]
.B [\-s secret]
.B [\-h hash]
.B [\-u hash]
.B
.LP
.SH DESCRIPTION
.LP
.B Slappasswd
is used to generate an authPassword (or userPassword) value
is used to generate an userPassword value
suitable for use with
.BR ldapmodify (1)
or
@ -24,9 +23,6 @@ or
coniguration directive.
.SH OPTIONS
.TP
.B \-u
generate RFC2307 userPassword values instead of authPassword values.
.TP
.B \-v
enable verbose mode.
.TP
@ -34,14 +30,6 @@ enable verbose mode.
The secret to hash. If not provided, the user will be prompted
for the secret to hash.
.TP
.BI \-h " scheme"
The hash scheme to use. One of the following authPassword schemes
may be specified:
.IR MD5 ,
.IR SHA1 ", and"
.IR X-CRYPT .
The default is
.IR SHA1 .
If -u is specified, one of the following RFC2307 schemes may
be specified:
.IR {CRYPT} ,
@ -53,9 +41,9 @@ The default is
.IR {SSHA} .
.LP
.SH LIMITATIONS
The authPassword attribute type is not yet widely supported.
The practice storing hashed passwords in userPassword violates
Standard Track schema and may hinder interoperability.
Standard Track (RFC2256) schema specifications and may hinder
interoperability.
.SH "SECURITY CONSIDERATIONS"
Use of hashed passwords does not protect passwords during
protocol transfer. TLS or other eavesdropping protections

10
servers/slapd/tools/slappasswd.c
View File

@ -29,7 +29,7 @@ usage(const char *s)
{
fprintf(stderr,
"Usage: %s [options]\n"
" -h hash\tpassword scheme\n"
" -u hash\tpassword scheme\n"
" -s secret\tnew password\n"
" -v\t\tincrease verbosity\n"
, s );
@ -50,10 +50,10 @@ main( int argc, char *argv[] )
struct berval *hash = NULL;
while( (i = getopt( argc, argv,
"d:h:s:v" )) != EOF )
"d:u:s:v" )) != EOF )
{
switch (i) {
case 'h': /* scheme */
case 'u': /* scheme */
scheme = strdup (optarg);
case 's': /* new password (secret) */
@ -88,7 +88,7 @@ main( int argc, char *argv[] )
cknewpw = getpassphrase("Re-enter new password: ");
if( strncmp( newpw, cknewpw, strlen(newpw) )) {
fprintf( stderr, "passwords do not match\n" );
fprintf( stderr, "Password values do not match\n" );
return EXIT_FAILURE;
}
}
@ -104,7 +104,7 @@ main( int argc, char *argv[] )
}
if( lutil_passwd( hash, &passwd, NULL ) ) {
fprintf( stderr, "Password verificaiton failed.\n");
fprintf( stderr, "Password verification failed.\n");
return EXIT_FAILURE;
}