Re: OID accounts

From: Laurenz Albe <invite_at_spam.to.invalid>
Date: 20 Oct 2005 08:34:30 GMT
Message-ID: <1129797268.920363_at_proxy.dienste.wien.at>


Thierry PLASSART <thierry.plassart_at_wanadoo.fr> wrote:
> Thanks for your help Albe! It has been very useful!
> I agree that '- No unencrypted password is stored in OID, so you cannot
> retrieve them.'
> but I was wondering where could be the API which should be able to de-scramble
> encrypted password (as the Oracle Directory Manager permits to store
> password that can be decrypted... (there's such a checkbox))
> Does anyone have the algorithm?

The documentation does not say very much about it, so I went ahead and tried:

Your Password Policy needs to have 'reversibly encrypted passwords' enabled.

Then I created a user with a password.

According to the documentation the encrypted password is stored in the orclrevpwd attribute, which can only be queried via SSL.

I did, and guess what: it contained the CLEARTEXT password!

I am using OID 10.1.2.0.2 (the currently latest version).

Maybe I should open a TAR for that...

Yours,
Laurenz Albe

Received on Thu Oct 20 2005 - 10:34:30 CEST
