mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-02-23 14:09:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

A few password related updates.

Browse Source
This commit is contained in:
Kurt Zeilenga 2000-07-22 18:32:33 +00:00
parent 890e342594
commit f0e445d9dd
2 changed files with 21 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/man/man1/ldappasswd.1
View File

@ -147,7 +147,9 @@ Issue StartTLS (Transport Layer Security) extended operation. If you use
.BR \-ZZ ,
the command will require the operation to be successful
.SH SEE ALSO
.BR ldap_bind (3)
.BR ldap_sasl_bind (3)
.BR ldap_extended_operation (3)
.BR ldap_start_tls (3)
.SH AUTHOR
The OpenLDAP Project <http://www.openldap.org/>
.SH ACKNOWLEDGEMENTS

23
doc/man/man8/slappasswd.8
View File

@ -3,9 +3,10 @@
.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
.\" Copying restrictions apply. See COPYRIGHT/LICENSE.
.SH NAME
slappassword \- OpenLDAP password utility
slappasswd \- OpenLDAP password utility
.SH SYNOPSIS
.B SBINDIR/slappasswd
.B [\-a]
.B [\-v]
.B [\-s secret]
.B [\-h hash]
@ -20,6 +21,9 @@ as a userPassword value
.BR rootpw .
.SH OPTIONS
.TP
.B \-a
generate authPassword values instead of RFC2307 passwords
.TP
.B \-v
enable verbose mode.
.TP
@ -27,8 +31,8 @@ enable verbose mode.
The secret to hash. If not provided, the user will be prompted
for the secret to hash.
.TP
.BI \-h " hash"
The hash algorithm to use. Algorithms supported include
.BI \-h " scheme"
The hash scheme to use. RFC2307 schemes supported include
.IR {CRYPT} ,
.IR {MD5} ,
.IR {SMD5} ,
@ -36,10 +40,18 @@ The hash algorithm to use. Algorithms supported include
.IR {SHA} .
The default is
.IR {SSHA} .
.LP
If \-a is specified, the following authPassword schemes
may be specified:
.IR MD5 ,
.IR SHA1 ", and"
.IR X-CRYPT .
The default is
.IR SHA1 .
.SH LIMITATIONS
The practice storing hashed passwords in userPassword
violates Standard Track schema and may hinder
interoperability.
interoperability. authPassword is not yet widely supported.
.SH "SECURITY CONSIDERATIONS"
Use of hashed passwords does not protect passwords during
protocol transfer. TLS or other eavesdropping protections
@ -47,7 +59,8 @@ should be inplace before using LDAP simple bind. The
hashed password values should be protected as if they
were clear text passwords.
.SH "SEE ALSO"
.BR ldapmodify (3),
.BR ldappasswd (1),
.BR ldapmodify (1),
.BR slapd (8)
.SH ACKNOWLEDGEMENTS
.B OpenLDAP