phpgroupware-users

Re: [Phpgroupware-users] Synchronization with mobile appliances via Sync


From: Dave Hall
Subject: Re: [Phpgroupware-users] Synchronization with mobile appliances via SyncML - need help ASAP
Date: Fri, 08 Jul 2005 23:58:29 +1000

On Fri, 2005-07-08 at 13:21 +0000, Christian Rost wrote:
> > > Dave mentioned a hack for SQL.  Do you or Dave know some details about
> > > the hack? I need to know whether it can be done with reasonable effort
> > > and what needs to be done.
> >
> > It is standard in all installs.  It allows a password to be validated
> > against the md5 hash.  So you can query the db for the password and
> > then throw it back at the auth layer.  LDAP doesn't support something
> > like this, so it isn't possible :(
> >
> Why isn't it possible? Isn't it the same whether you store the md5 hash in LDAP
> or a database? Well, until now we don't encrypt the LDAP based password,
> because some applications need plain text password.  We protect the passwords
> through LDAP based ACLs.

Sorry if this sounds too much like LDAP/SQL 101, but I hope to save a
little email tennis on this one :)  There are some assumptions built
into the stuff below.

LDAP stores the password as a md5 hash
You can extract that password as a md5 hash by binding as root
LDAP won't let you bind using the md5 hash as the password (AFAIK)

SQL stores the password as a md5 hash
You can extract that password as a md5 hash using a query
phpGW will let you validate the password as a md5 hash, as SQL allows for
this

If you are using plain text passwords (let's not get into that) then you
could bind as root and extract the plain password and then pass that
back to phpgw and throw it at the auth class.

I would suggest that you check the auth device code in the sync module,
I can't recall off the top of my head exactly where it is.

On a side note, this is one of the reasons why our whole accounts+auth
system needs an overhaul imho.

Cheers

Dave
-- 
Dave Hall (aka skwashd)
API Coordinator
phpGroupWare
-------------------------------------------------------------------------
Do you think if Bill Gates got laid in high school, do you think there'd 
be a Microsoft?  Of course not.
Underwear Goes Inside The Pants by Lazy Boy
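
A small model of the difference described in the message above, added as an example and not taken from phpGroupWare or from the original post: the function names, the `secret_is_md5` flag and the sample account are all hypothetical. It shows why a stored md5 hash can be handed back to an auth layer that compares hashes but not to an LDAP-style bind, which also means the SQL hash is password-equivalent for anyone who can read the accounts table.

```python
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


# Constructed sample data: both stores hold md5("s3cret") for user "alice".
SQL_ACCOUNTS = {"alice": md5_hex("s3cret")}
LDAP_DIRECTORY = {"alice": md5_hex("s3cret")}


def _equal(a, b):
    # Constant-time comparison of two strings.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def sql_auth(user, secret, secret_is_md5=False):
    """Hypothetical SQL auth layer: takes a plaintext password, or the
    md5 hash itself when secret_is_md5 is set (the 'hack' discussed)."""
    stored = SQL_ACCOUNTS.get(user)
    if stored is None:
        return False
    candidate = secret if secret_is_md5 else md5_hex(secret)
    return _equal(candidate, stored)


def ldap_bind(user, password):
    """Simulated simple bind: the server hashes whatever the client
    sends, so there is no way to present an already-hashed value."""
    stored = LDAP_DIRECTORY.get(user)
    if stored is None:
        return False
    return _equal(md5_hex(password), stored)


def sync_login_sql(user):
    # Sync path for SQL: query the hash, throw it back at the auth layer.
    stored = SQL_ACCOUNTS.get(user)
    return stored is not None and sql_auth(user, stored, secret_is_md5=True)


def sync_login_ldap(user):
    # Same idea against LDAP: the extracted hash is hashed again and fails.
    stored = LDAP_DIRECTORY.get(user)
    return stored is not None and ldap_bind(user, stored)
```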




