Key: DIRSERVER-261
Type: New Feature
Status: Closed
Resolution: Fixed
Priority: Blocker
Assignee: Stefan Zoerner
Reporter: Stefan Zoerner
Votes: 0
Watchers: 0
Directory ApacheDS

Storing user passwords other than in clear

Created: 27/Oct/05 07:11 AM   Updated: 25/Jun/06 08:26 PM
Component/s: None
Affects Version/s: pre-1.0
Fix Version/s: 1.0-RC1

Time Tracking:
Not Specified

Issue Links:
Reference
 

Resolution Date: 18/Jan/06 02:14 AM


Description
Because the admin user is allowed to see everything, I suggest storing the attribute values for user password other than in clear. A nice solution would be to make this configurable (other server products allow comparable functionality):

* Configure a hash function to use for password storage (e.g. MD5, SSHA, ...)
* Allow clients to store the value as a hashed value on their own as well (calculated with a function other than the configured one, if they like)
* Enable simple bind with value in clear text (hash value calculated within the server and compared against the stored value)
* Still allow clear passwords, because some authentication mechanisms need this (e.g. DIGEST-MD5)

Hashed values do not add that much security, but at least it is harder for the admin to catch a password and commit it to his/her memory.
Some products even allow encrypting the password (two-way), but I think the features above should do for the first run.
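
The four behaviours requested above, sketched as an added example (not ApacheDS code and not part of the original issue). It assumes the common LDAP `{SCHEME}base64(digest + salt)` storage convention, which the issue does not specify; the function names are hypothetical.

```python
import base64, hashlib, hmac, os

# Assumed scheme table: name -> (hashlib algorithm, digest length, salted?)
SCHEMES = {"MD5": ("md5", 16, False), "SHA": ("sha1", 20, False),
           "SSHA": ("sha1", 20, True)}

def hash_password(password, scheme="SSHA", salt=None):
    """Return the stored form: {SCHEME}base64(digest [+ salt])."""
    algo, _, salted = SCHEMES[scheme.upper()]
    salt = (os.urandom(8) if salt is None else salt) if salted else b""
    digest = hashlib.new(algo, password + salt).digest()
    return b"{" + scheme.upper().encode() + b"}" + base64.b64encode(digest + salt)

def split_scheme(stored):
    """Split "{SCHEME}payload"; (None, stored) means a clear-text value."""
    if stored.startswith(b"{") and b"}" in stored:
        name, _, payload = stored[1:].partition(b"}")
        return name.decode("ascii", "replace").upper(), payload
    return None, stored

def store_password(value, configured="SSHA"):
    """Server-side write: keep client-hashed values, hash clear ones."""
    scheme, _ = split_scheme(value)
    if scheme in SCHEMES or configured is None:
        return value  # already hashed by the client, or clear storage wanted
    return hash_password(value, configured)

def verify_bind(presented, stored):
    """Simple bind: hash the clear password like the stored value, compare."""
    scheme, payload = split_scheme(stored)
    if scheme is None:  # clear-text storage (e.g. kept for DIGEST-MD5)
        return hmac.compare_digest(presented, stored)
    if scheme not in SCHEMES:
        return False  # unknown scheme: never fall back to a clear compare
    algo, dlen, salted = SCHEMES[scheme]
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:
        return False  # malformed stored value
    digest, salt = raw[:dlen], raw[dlen:]
    if len(digest) != dlen or (salt and not salted):
        return False
    candidate = hashlib.new(algo, presented + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time compare
```
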

Change History
Stefan Zoerner made changes - 28/Oct/05 08:12 AM
Field Original Value New Value
Assignee Alex Karasulu [ akarasulu ] Stefan Zoerner [ szoerner ]
Alex Karasulu made changes - 07/Jan/06 07:01 PM
Priority Minor [ 4 ] Blocker [ 1 ]
Stefan Zoerner made changes - 13/Jan/06 03:53 AM
Status Open [ 1 ] In Progress [ 3 ]
Stefan Zoerner made changes - 14/Jan/06 08:10 PM
Status In Progress [ 3 ] Open [ 1 ]
Alex Karasulu made changes - 18/Jan/06 02:13 AM
Link This issue relates to DIREVE-320 [ DIREVE-320 ]
Alex Karasulu made changes - 18/Jan/06 02:14 AM
Fix Version/s 0.9.4 [ 12310230 ]
Status Open [ 1 ] Resolved [ 5 ]
Resolution Fixed [ 1 ]
Alex Karasulu made changes - 10/Feb/06 12:27 PM
Key DIREVE-296 DIRSERVER-261
Project Directory Server [ 10516 ] Directory ApacheDS [ 12310260 ]
Fix Version/s 1.0-RC1 [ 12310780 ]
Fix Version/s 1.0-RC1 [ 12310230 ]
Affects Version/s pre-1.0 [ 12310782 ]
Stefan Zoerner made changes - 25/Jun/06 08:26 PM
Status Resolved [ 5 ] Closed [ 6 ]