[Freeipa-devel] Capturing passwords for migration at bind-time?
John Dennis
jdennis at redhat.com
Thu Jun 26 16:00:28 UTC 2008
Simo Sorce wrote:
> On Thu, 2008-06-26 at 11:14 -0400, John Dennis wrote:
>
>> Nalin Dahyabhai wrote:
>>
>>> Would it be useful to also intercept the password used when a simple or
>>> SASL/PLAIN bind requests succeed, and take the opportunity to generate
>>> the hashes so that we can avoid forcing password changes?
>>>
>>>
>> How do you plan to intercept the plain text password in IPA? We aren't
>> in control of the services a user is likely to issue a SASL/PLAIN bind
>> to are we?
>>
>
> We control the LDAP server, that's the only SASL/PLAIN bind we care
> about.
>
>
Right, but when and in what context are users doing a plain bind to our
LDAP server? Wouldn't this be very atypical?
--
John Dennis <jdennis at redhat.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080626/0e017fee/attachment.htm>
More information about the Freeipa-devel
mailing list