Package: cpu
Version: 1.4.3-11.2
Severity: important
Tags: upstream

"cpu usermod -p …" offers the set a new password for the user.
But cpu can't know how the LDAP server wants to store the password in
the userPassword attribute.

Depending on the password-hash slapd config option it may choose to use
MD5, …, and even cleartext.

cpu does not obey this setting. This breaks applications that use LDAP
authentication with challenge response methods.

IMHO cpu should use "ldappasswd" or a similiar API call to set the
password.


-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to