[DIRSERVER-2179] Password hashing interceptor - password history entries are not hashed - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: hash interceptor, ppolicy
Labels:
None

Description

Hi.

In order to use the server-side password policy validation - we have to pass the passwords as plaintext and not hashed by the client.

Password hashing interceptor hashes the passwords according to the configuration, BUT - the new added pwdHistory entry will contain the plaintext value of the password.

Is there any way to have the password policy validation on the server and the hashed password to be saved in the history at the same time?

Thanks

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Dmitry Smeliansky

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 12/Feb/17 10:10

Updated:: 28/Jun/19 05:42