[Pkg-openldap-devel] Bug#444172: Bug#444172: slapd: accepts incorrect passwords
Quanah Gibson-Mount
quanah at zimbra.com
Thu Sep 27 04:53:20 UTC 2007
--On Wednesday, September 26, 2007 4:50 PM +0200 Pawel Palucha
<pawel at praterm.com.pl> wrote:
> Package: slapd
> Version: 2.3.38-1
> Severity: normal
>
>
> When binding to slapd I can pass any password that starts with correct
> password and it is accepted (for example, if password is '1234', also
> '12345' is accepted). Checked with python bindings and apache ldap_auth
> module. {CRYPT} is used to hash passwords.
Hello,
I cannot reproduce this. I used:
/opt/zimbra/openldap/sbin/slappasswd -s 1234 -c 1234
to generate the crypt(3) password. How did you generate your passwords?
Note that I am not using Debian's build, but as an upstream developer I'm
very interested in making sure this is not an OpenLDAP bug. ;)
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
More information about the Pkg-openldap-devel
mailing list