Feature #127
Store hashed passwords
| Status: | Closed | Start: | 20/10/2009 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assigned to: | Clément Oudot | % Done: | 100% |
| Category: | Self Service Password | | |
| Target version: | self-service-password-0.2 | | |
Description
Hi,
Currently, when you update a password in a plain LDAP directory (not in AD mode), the password is stored in plaintext. This isn't great with regards to security.
Some directories hash passwords automatically when you modify the userPassword attribute (OpenDS, for example). AD does the same. But for others (OpenLDAP in my case), no automatic hashing happens unless you use the password change extended operation.
I see two ways of implementing this:
- Use the password change exop (but I don't know if this is possible in PHP...)
- Hash the password in PHP
Thoughts?
History
Updated by Clément Oudot 9 months ago
- Status changed from New to Assigned
- Assigned to set to Clément Oudot
- Target version set to self-service-password-0.2
It is clearly a must-have feature :) I will try to use the exop operation if possible.
Updated by Clément Oudot 9 months ago
- Status changed from Assigned to Feedback
- % Done changed from 0 to 80
Hi,
PHP-LDAP is a really poor API, so I can't use any extended operation.
So I committed (r33) an option to hash passwords in SSHA. Can you test it?
Updated by Jonathan Clarke 9 months ago
Clément Oudot wrote:

> Hi,
> PHP-LDAP is a really poor API, so I can't use any extended operation.

I was afraid so...

> So I committed (r33) an option to hash passwords in SSHA. Can you test it?

This works great! Thanks for your quick reaction.
Updated by Clément Oudot 9 months ago
- Status changed from Feedback to Closed
- % Done changed from 80 to 100
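
The SSHA hashing discussed in this ticket, as an added example that is not the code committed in r33: the userPassword value is `{SSHA}` followed by the base64 of SHA-1(password + salt) with the salt appended. The function names and the sample password are made up for illustration.

```php
<?php
// Added example, not the project's own code. Function names are hypothetical.

/**
 * Build an LDAP userPassword value in the salted SHA-1 scheme:
 *   "{SSHA}" . base64( SHA1(password . salt) . salt )
 */
function make_ssha_password(string $password, int $saltLen = 8): string
{
    $salt   = random_bytes($saltLen);          // fresh CSPRNG salt for every password change
    $digest = sha1($password . $salt, true);   // raw 20-byte digest, not hex
    return '{SSHA}' . base64_encode($digest . $salt);
}

/**
 * Check a candidate password against a stored {SSHA} value.
 */
function check_ssha_password(string $password, string $stored): bool
{
    // Scheme names are matched case-insensitively.
    if (strncasecmp($stored, '{SSHA}', 6) !== 0) {
        return false;
    }
    $raw = base64_decode(substr($stored, 6), true);
    if ($raw === false || strlen($raw) <= 20) {
        return false;                          // malformed value, or digest with no salt
    }
    $digest = substr($raw, 0, 20);             // SHA-1 output is always 20 bytes
    $salt   = substr($raw, 20);                // everything after it is the salt
    // Constant-time comparison of the recomputed digest.
    return hash_equals($digest, sha1($password . $salt, true));
}

// Constructed sample input.
$value = make_ssha_password('constructed-sample-password');
echo $value, PHP_EOL;
var_dump(check_ssha_password('constructed-sample-password', $value));
var_dump(check_ssha_password('wrong-guess', $value));
```

SSHA is a single salted SHA-1 round, so it keeps plaintext out of the directory but does little against offline guessing of weak passwords.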