From: Kurt Zeilenga Date: Fri, 20 Sep 2002 17:27:08 +0000 (+0000) Subject: Clean up hash password scheme stuff X-Git-Tag: NO_SLAP_OP_BLOCKS~954 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=68aebc05c9978b795aa2b0b5029c9b01e8054e19;p=openldap Clean up hash password scheme stuff --- diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5 index 4b815958ce..3a9bb9836a 100644 --- a/doc/man/man5/slapd.conf.5 +++ b/doc/man/man5/slapd.conf.5 @@ -439,25 +439,25 @@ and .BR {CLEARTEXT} . The default is .BR {SSHA} . -.TP + .B {SHA} and .B {SSHA} use the SHA-1 algorithm (FIPS 160-1), the latter with a seed. -.TP + .B {MD5} and .B {SMD5} use the MD5 algorithm (RFC 1321), the latter with a seed. -.TP + .B {CRYPT} uses the .BR crypt (3). -.TP + .B {CLEARTEXT} indicates that the new password should be added to userPassword as clear text. -.TP + Note that this option does not alter the normal user applications handling of userPassword during LDAP Add, Modify, or other LDAP operations. .TP diff --git a/doc/man/man8/slappasswd.8 b/doc/man/man8/slappasswd.8 index d8a504e75b..cfbc2b6573 100644 --- a/doc/man/man8/slappasswd.8 +++ b/doc/man/man8/slappasswd.8 @@ -29,7 +29,7 @@ configuration directive. enable verbose mode. .TP .B \-u -Generate RFC2307 userPassword values (the default). Future +Generate RFC 2307 userPassword values (the default). Future versions of this program may generate alternative syntaxes by default. This option is provided for forward compatibility. .TP @@ -38,7 +38,7 @@ The secret to hash. If not provided, the user will be prompted for the secret to hash. .TP .BI \-h " scheme" -If -h is specified, one of the following RFC2307 schemes may +If -h is specified, one of the following RFC 2307 schemes may be specified: .IR {CRYPT} , .IR {MD5} , 
@@ -47,21 +47,21 @@ be specified: .IR {SHA} . The default is .IR {SSHA} . -.TP + .B {SHA} and .B {SSHA} use the SHA-1 algorithm (FIPS 160-1), the latter with a seed. -.TP + .B {MD5} and .B {SMD5} use the MD5 algorithm (RFC 1321), the latter with a seed. -.TP + .B {CRYPT} uses the .BR crypt (3). -.TP + .B {CLEARTEXT} indicates that the new password should be added to userPassword as clear text. @@ -81,9 +81,11 @@ versions of crypt(3) to use an MD5 algorithm and provides provides 31 characters of salt. .SH LIMITATIONS The practice storing hashed passwords in userPassword violates -Standard Track (RFC2256) schema specifications and may hinder -interoperability. A new attribute type to hold hashed -passwords is needed. +Standard Track (RFC 2256) schema specifications and may hinder +interoperability. A new attribute type, authPassword, to hold +hashed passwords has been defined (RFC 3112), but is not yet +implemented in +.BR slapd (8). .SH "SECURITY CONSIDERATIONS" Use of hashed passwords does not protect passwords during protocol transfer. TLS or other eavesdropping protections @@ -95,6 +97,9 @@ were clear text passwords. .BR ldapmodify (1), .BR slapd (8) .BR slapd.conf (5) +.B RFC 2307 +.B RFC 2256 +.B RFC 3112 .LP "OpenLDAP Administrator's Guide" (http://www.OpenLDAP.org/doc/admin/) .SH ACKNOWLEDGEMENTS
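Review bot: In the slapd.conf.5 hunk, swapping each `.TP` for an empty line removes the hanging-tag layout for `{SHA}`, `{MD5}`, `{CRYPT}` and `{CLEARTEXT}` while the `.TP` before the next directive stays, so the scheme descriptions now render as ordinary paragraphs whose first word happens to be bold. If plain paragraphs are the intent, `.LP` gives the same break explicitly; empty lines in man source are discouraged because they emit uncontrolled vertical space. Since this region is being touched, the retained context `use the SHA-1 algorithm (FIPS 160-1)` also deserves a fix: SHA-1 is specified in FIPS PUB 180-1, not 160-1.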
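Review bot: In the slappasswd.8 `@@ -38,7` hunk, the new line `+If -h is specified, one of the following RFC 2307 schemes may` writes the option with a bare `-`, which groff typesets as a hyphen, whereas the tag two lines above uses `.BI \-h " scheme"`; use `\-h` in the running text as well so the option renders the same way in both places.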
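Review bot: In the slappasswd.8 `@@ -47,21` hunk, the context `use the SHA-1 algorithm (FIPS 160-1), the latter with a seed.` and `use the MD5 algorithm (RFC 1321), the latter with a seed.` call the {SSHA}/{SMD5} random value a "seed", while the same page's crypt(3) paragraph visible in the next hunk says `provides 31 characters of salt`; "salt" is the conventional term for these RFC 2307 schemes and should be used consistently. The `.TP` removal and the FIPS 180-1 correction raised for slapd.conf.5 apply to this hunk unchanged.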
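Review bot: In the LIMITATIONS hunk, the new line `+Standard Track (RFC 2256) schema specifications and may hinder` should read "Standards Track", and the unchanged line it follows, `The practice storing hashed passwords in userPassword violates`, is missing "of" ("The practice of storing"); the leading context `provides provides 31 characters of salt.` also doubles "provides". All three sit in text this change is already rewriting, so fixing them here costs nothing. The added pointer to authPassword (RFC 3112) with the explicit note that `.BR slapd (8)` does not yet implement it is a useful, accurate replacement for the vaguer "is needed".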
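Review bot: In the SEE ALSO hunk, the existing `.BR slapd (8)` lacks the trailing comma that `.BR ldapmodify (1),` carries, and the three new lines `+.B RFC 2307`, `+.B RFC 2256`, `+.B RFC 3112` add no separators either, so the rendered list runs slapd(8), slapd.conf(5) and the RFC numbers together without punctuation. Suggest `.BR slapd (8),` and `.BR slapd.conf (5),` plus `.BR "RFC 2307" ,` (and likewise for 2256 and 3112) so each entry is followed by a roman comma.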