change password for user

Michael Ströder michael at stroeder.com
Mon Mar 9 12:27:37 CET 2009


Jan-Frode Myklebust wrote:
> On 2009-03-09, Michael Ströder <michael at stroeder.com> wrote:
>>> But, it occurred to me that I'm not fully sure what I'm doing
>>> when creating the SSHA1 hash,
>> If the password is usable afterwards there's nothing wrong with
>> client-side password hashing. The salt should be at least 4 bytes long.
> 
> Still, I'm uncertain how f.ex. character encodings will/should be
> handled, so it seems safer to let the directory server handle both the
> hashing and verification. 

For LDAPv3 you should pass UTF-8 to the python-ldap functions/methods or
before hashing the password. (In theory one has to use SASLprep before
the UTF-8 encoding but in most cases this is the same).

Ciao, Michael.



More information about the python-ldap mailing list