Hi,
spike77453 opened a new pull request at
https://github.com/splitbrain/dokuwiki/pull/3634:
This adds an additional option `modPassPlain` to the authldap plugin. Sending a
password update to an LDAP server in plaintext is useful is a few cases:
- The hashing algorithm and/or format is not available in dokuwiki (e.g.
RedHat's pbkdf2_sha256 format, the default for 389ds and RHDS)
- A password policy is enabled on the server. This can't be enforced when
sending hashed passwords
- Sending hashed passwords is disabled or only available to privileged accounts
(password managers, directory managers) on the LDAP server (e.g.
`nsslapd-allow-hashed-passwords` is off per default on 389ds and RHDS). Using
plaintext passwords allows binding with a service account or as user with less
privileges
- The number of rounds is (e.g. for pbkdf2_sha256) is either unknown or
cumbersome to manage in dokuwiki (e.g. 389ds dynamically sets the number of
rounds depending on hardware capabilities)
This obviously should only be used via a secure or private communication
channel (ldaps, starttls, ldapi).
Please help us to review this pull request, so new contributors get feedback in
a timely manner.
7e615f30-945e-11ec-8ea2-5010dec0d576
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
