> In general, you should always pass the clear text password to the > directory server, and let it hash it and compare it. This also allows > you to use the password policy features of the directory server (e.g. > password syntax checking does not work with pre-hashed passwords). Oh. > Were these applications that pre-hashed the SSHA passwords, then sent > the pre-hashed SSHA password to the server, when adding a user or > modifying the password? If so, then it could be that the legacy SSHA > handling was broken. They were pre-hashed, and sent in the pre-hash format to the add and modify commands. -- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
