-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The module is nearing completion, and I'd like to ask for some opinions on supported password formats.

Part of the module's goal is to provide an address book for users. The LDAP server administrator can set down rights as to what parts of the directory can be seen, and users can authenticate as themselves against the LDAP server for this purpose. That means that both vpopmail and the LDAP server must understand the password field. Because of this requirement, the userPassword field from the inetOrgPerson schema is being used to store the hashed password.

Another requirement is that the password be portable to other authentication modules. If one wishes to convert to another module, and does not have plaintext passwords enabled, it should be possible to convert the user's hashed password to the new module, even if it requires some quick tweaks (e.g. {SMD5} has the four byte salt at the end, and is base64 encoded -- this could easily be reformatted).

Initially I had decided upon using the {SMD5} hash scheme, but this requires that systems have MD5 support. The next obvious choice is the {CRYPT} scheme; however, OpenLDAP does not compile with this feature enabled by default, and without it, the server cannot authenticate clients.

So, to those of you with some experience with OpenLDAP, I'm looking for some input on the optimal scheme (or schemes) to implement, keeping in mind that the hashed password can (hopefully) be ported to the other authentication modules if required, and the OpenLDAP server must be able to authenticate against it.

The original module supported {MD5} and {CRYPT}, and that's what I'm leaning towards here.

Thanks for any input you can provide!

- --
/*
Matt Brookings <m...@inter7.com> GnuPG Key FAE0672C
Software developer Systems technician
Inter7 Internet Technologies, Inc. (815)776-9465
*/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkymPhcACgkQIwet2/rgZywgpACggRLVreT65fO267bBNp94RfhA
Z3wAnjIpq0fnAO6sP/FHhAAd8f0j4pUN
=fK4S
-----END PGP SIGNATURE-----
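
The {SMD5} layout the message describes (base64 of the MD5 digest with the four-byte salt appended), as an added example that is not part of the original post and is not vpopmail or OpenLDAP code. It assumes the digest is computed as MD5(password + salt), as OpenLDAP does; `split_for_export` and its hex output layout are hypothetical, standing in for whatever a target module expects.

```python
import base64
import hashlib
import hmac
import os

MD5_LEN = 16   # raw MD5 digest size in bytes
SALT_LEN = 4   # four-byte salt, as the message describes for {SMD5}

def make_smd5(password, salt=None):
    """Build a {SMD5} value: base64(MD5(password + salt) + salt)."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.md5(password + salt).digest()
    return "{SMD5}" + base64.b64encode(digest + salt).decode("ascii")

def parse_user_password(value):
    """Split a {MD5}/{SMD5} userPassword value into (scheme, digest, salt)."""
    if not value.startswith("{") or "}" not in value:
        raise ValueError("missing {SCHEME} prefix")
    scheme, _, encoded = value[1:].partition("}")
    scheme = scheme.upper()
    if scheme not in ("MD5", "SMD5"):
        raise ValueError("unsupported scheme: " + scheme)
    raw = base64.b64decode(encoded, validate=True)
    # {MD5} is exactly the digest; {SMD5} is the digest followed by the salt.
    if scheme == "MD5" and len(raw) != MD5_LEN:
        raise ValueError("{MD5} value must decode to 16 bytes")
    if scheme == "SMD5" and len(raw) <= MD5_LEN:
        raise ValueError("{SMD5} value has no salt after the digest")
    return scheme, raw[:MD5_LEN], raw[MD5_LEN:]

def verify(password, value):
    """Check a candidate password against a stored {MD5}/{SMD5} value."""
    _, digest, salt = parse_user_password(value)
    candidate = hashlib.md5(password + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time compare

def split_for_export(value):
    """Hypothetical reformat: hex digest and hex salt as separate fields."""
    _, digest, salt = parse_user_password(value)
    return digest.hex(), salt.hex()

if __name__ == "__main__":
    # Constructed sample value; the password and salt are made up.
    stored = make_smd5(b"example-password", b"\x01\x02\x03\x04")
    print(stored, verify(b"example-password", stored), split_for_export(stored))
```
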