Posted to dev@directory.apache.org by "Emmanuel Lecharny (JIRA)" <ji...@apache.org> on 2019/06/26 09:13:00 UTC

[jira] [Commented] (DIRSERVER-2179) Password hashing interceptor - password history entries are not hashed

    [ https://issues.apache.org/jira/browse/DIRSERVER-2179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16873123#comment-16873123 ] 

Emmanuel Lecharny commented on DIRSERVER-2179:
----------------------------------------------

Here is the thing: the Password Policy may need to check the password quality, which means your password must be sent in clear text to the server. Then the server will not know which hash method to use to store the password.

Maybe using the {{PasswordHashing}} interceptor could do the trick? Will test that.

> Password hashing interceptor - password history entries are not hashed
> ----------------------------------------------------------------------
>
>                 Key: DIRSERVER-2179
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2179
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: ppolicy
>            Reporter: Dmitry Smeliansky
>            Priority: Major
>
> Hi.
> In order to use the server-side password policy validation - we have to pass the passwords as plaintext and not hashed by the client.
> Password hashing interceptor hashes the passwords according to the configuration, BUT - the newly added pwdHistory entry will contain the plaintext value of the password.
> Is there any way to have the password policy validation on the server and the hashed password to be saved in the history at the same time?
> Thanks



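Added example, not part of the JIRA thread or of ApacheDS: a Python audit of an LDIF export that flags pwdHistory values whose stored data carries no {SCHEME} hash tag, the condition reported in this issue. It assumes the draft password-policy value layout time#syntaxOID#length#data, that the data field may be Base64-wrapped by the server, and a scheme list chosen here; the sample entries are constructed.

```python
import base64
import binascii
import re

# {SCHEME} names, hyphens stripped and upper-cased. Assumed list: extend as needed.
HASH_SCHEMES = {"MD5", "SMD5", "SHA", "SSHA", "CRYPT", "SHA256", "SSHA256",
                "SHA384", "SSHA384", "SHA512", "SSHA512", "PKCS5S2"}
PREFIX = re.compile(rb"^\{([A-Za-z0-9-]+)\}.")

def scheme_of(data: bytes):
    """Return the hash scheme named by a leading {SCHEME} tag, else None."""
    m = PREFIX.match(data)
    name = m.group(1).decode().replace("-", "").upper() if m else None
    return name if name in HASH_SCHEMES else None

def _b64(text: bytes) -> bytes:
    # Strict Base64 decode; empty bytes when the text is not valid Base64.
    try:
        return base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return b""

def _value(rest: str) -> bytes:
    # LDIF value after the first colon; "attr:: x" means x is Base64-encoded.
    return _b64(rest[1:].strip().encode()) if rest.startswith(":") else rest.strip().encode()

def audit_pwd_history(ldif: str):
    """List (dn, time) for each pwdHistory value whose data has no hash tag."""
    findings, dn = [], None
    # Unfold LDIF continuation lines (newline followed by one space).
    for line in ldif.replace("\r\n", "\n").replace("\n ", "").split("\n"):
        attr, _, rest = line.partition(":")
        if attr.lower() == "dn":
            dn = _value(rest).decode(errors="replace")
        elif attr.lower() == "pwdhistory":
            # Assumed layout: time#syntaxOID#length#data
            parts = _value(rest).split(b"#", 3)
            time, data = (parts[0].decode(), parts[3]) if len(parts) == 4 else ("malformed", b"")
            # Assumption: data may be stored Base64-wrapped, so check both forms.
            if not (scheme_of(data) or scheme_of(_b64(data))):
                findings.append((dn, time))
    return findings

# Constructed sample export: alice and carol hashed, bob and dave in the clear.
SAMPLE_LDIF = "".join(
    f"dn: uid={u},ou=users,dc=example,dc=com\n"
    f"pwdHistory: 2019060{i}000000Z#1.3.6.1.4.1.1466.115.121.1.40#{len(d)}#{d}\n\n"
    for i, (u, d) in enumerate([
        ("alice", "{SSHA}" + "A" * 32), ("bob", "Summer2019!"),
        ("carol", base64.b64encode(b"{SSHA}" + b"A" * 24).decode()),
        ("dave", base64.b64encode(b"Winter2018").decode())], 1))
```

Calling `audit_pwd_history(SAMPLE_LDIF)` returns the bob and dave entries; any hit on a real export means a history value is recoverable by anyone who can read the attribute.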