Comment 0 for bug 66925
Revision history for this message
|
|
#0 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Package: slapd
Version: 2.2.26-5
Severity: important
Clear slapd installation of mentioned version results in wrong admin
password. After some debugging I have found out following:
function crypt_admin_pass is called twice:
first time with correct password entered in the process of configuration
second time with slapd/password1 cleared to empty string
Therefore empty string is hashed and stored in the LDAP database as an
admin password.
In my humble opinion it's better to clean all passwords in one
function wipe_admin_password for instance:
db_set slapd/internal/
db_set slapd/password1 ""
db_set slapd/password2 ""
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14.2
Locale: LANG=en_US, LC_CTYPE=sk_SK (charmap=
set to en_US)