[389-devel] Please review: [389 Project] #561: disable writing unhashed#user#password to changelog

Noriko Hosoi nhosoi at redhat.com
Tue Feb 19 21:46:40 UTC 2013


https://fedorahosted.org/389/ticket/561

https://fedorahosted.org/389/attachment/ticket/561/0001-Ticket-561-disable-writing-unhashed-user-password-to.patch

  Fix description: unhashed password was introduced to give an
  opportunity to get the unhashed password to plugins.  But it
  is not always needed.  If it is not, it is preferable to
  disable the functionality.

  1) Ticket #402 "unhashed#user#password in entry extension"
     switched the way the unhashed password is stored.
     It used to be put in the attribute list in the entry.
     The #402 patch changed it to store in the entry extension.
     To provide the migration period, it has been stored in
     both places.  This patch is disabling the old
     attribute list method.
  2) Introducing a config parameter nsslapd-unhashed-pw-switch
     to cn=config.  The parameter takes 3 values:
     on    - unhashed password is stored in the entry extension
             and logged in the changelog.
     nolog - unhashed password is stored in the entry extension
             but not logged in the changelog.
     off   - unhashed password is not stored in the entry extension.
  3) As reported in the ticket #577 "Attribute name
     unhashed#user#password is not valid per RFC 4512", the pseudo
     attribute type is violating the RFC.  Once storing it in
     the attribute list in the entry is disabled, the OID is not
     needed in the schema any more.  Thus, the pseudo attribute
     type is eliminated from the schema.




(2013-02-19 13:17), 389 Project wrote:
> #561: disable writing unhashed#user#password to changelog
> ------------------------------------------+---------------------------
>          Reporter:  rmeggins               |          Owner:  nhosoi
>              Type:  enhancement            |         Status:  assigned
>          Priority:  major                  |      Milestone:  1.3.1
>         Component:  Replication - General  |        Version:  1.2.11
>        Resolution:                         |       Keywords:
>        Blocked By:                         |       Blocking:
>            Review:                         |  Ticket origin:  Community
> Red Hat Bugzilla:                         |       Screened:  1
> ------------------------------------------+---------------------------
>
> Comment (by nhosoi):
>


