[389-users] Secondary passwords - like Google's application specific passwords
Jan Tomasek
jan at tomasek.cz
Fri Nov 8 12:57:41 UTC 2013
Hello,
On 11/06/2013 04:43 PM, Petr Spacek wrote:
> On 6.11.2013 17:34, Jan Tomasek wrote:
>> Hello,
>>
>> please, does anybyody any idea how to implement this with 389?
>
> According to http://tools.ietf.org/html/rfc4519#section-2.41
> the userPassword attribute is multi-valued.
>
> Did you try to add multiple values to the attribute?
Yes it works but that is hard to manage.
I need to implement mechanism for revoking certain password, identified
with some label. Like i show bellow. To implement this with mutlivalued
userPassword I have to store password somewhere else. That is not very
elegant nor safe.
>>> My idea is this:
>>>
>>> uid=semik,dc=neco
>>> objectClass: inetOrgPerson
>>> cn: Jan Tomasek
>>> sn: Tomasek
>>> uid: semik
>>> userPassword: {SSHA}...
>>>
>>> dc=12345,uid=semik,dc=neco
>>> objectClass: appPassword
>>> dc: 12345
>>> password: some-generated-password1
>>> passwordLabel: phone-email
>>>
>>> dc=12395,uid=semik,dc=neco
>>> objectClass: appPassword
>>> dc: 12395
>>> password: some-generated-password2
>>> passwordLabel: tablet-email
>>>
>>> dc=12399,uid=semik,dc=neco
>>> objectClass: appPassword
>>> dc: 12399
>>> password: some-generated-password3
>>> passwordLabel: phone-calendar
--
-----------------------
Jan Tomasek aka Semik
http://www.tomasek.cz/
More information about the 389-users
mailing list