On Thu, 2008-06-26 at 11:14 -0400, John Dennis wrote:
Nalin Dahyabhai wrote:
Would it be useful to also intercept the password used when a simple or
SASL/PLAIN bind requests succeed, and take the opportunity to generate
the hashes so that we can avoid forcing password changes?
How do you plan to intercept the plain text password in IPA? We aren't
in control of the services a user is likely to issue a SASL/PLAIN bind
to are we?
We control the LDAP server, that's the only SASL/PLAIN bind we care
about.
Right, but when and in what context are users doing a plain bind to our
LDAP server? Wouldn't this be very atypical?