https://fedorahosted.org/389/ticket/561
https://fedorahosted.org/389/attachment/ticket/561/0001-Ticket-561-disable-writing-unhashed-user-password-to.patch
Fix description: unhashed password was introduced to give an
opportunity to get the unhashed password to plugins. But it
is not always needed. If it is not, it is preferable to
disable the functionality.
1) Ticket #402 "unhashed#user#password in entry extension"
switched the way how the unhashed password is stored.
It used to be put in the attribute list in the entry.
The #402 patch changed it to store in the entry extension.
To provide the migration period, it has been stored in
the both places. This patch is disabling the old
attribute list method.
2) Introducing a config parameter nsslapd-unhashed-pw-switch
to cn=config. The parameter takes 3 values:
on - unhashed password is stored in the entry extension
and logged in the changelog.
nolog - unhashed password is stored in the entry extension
but not logged in the changelog.
off - unhashed password is not stored in the entry extension.
3) As reported in the ticket #577 "Attribute name unhashed#user
#password is not valid per RFC 4512", the pseudo attribute
type is violating the RFC. Once, disabling to store it in
the attribute list in the entry, the OID is not needed in
the schema any more. Thus, the pseudo attribute type is
eliminated from the schema.
(2013年02月19日 13:17), 389 Project wrote:
#561: disable writing unhashed#user#password to changelog
------------------------------------------+---------------------------
Reporter: rmeggins | Owner: nhosoi
Type: enhancement | Status: assigned
Priority: major | Milestone: 1.3.1
Component: Replication - General | Version: 1.2.11
Resolution: | Keywords:
Blocked By: | Blocking:
Review: | Ticket origin: Community
Red Hat Bugzilla: | Screened: 1
------------------------------------------+---------------------------
Comment (by nhosoi):
}}}
--
389-devel mailing list
389-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-devel
