LDAP – Can a single user have multiple credential sets using MS Active Directory

Tags: active-directory, authentication, ldap

We are currently transitioning our existing database-based authentication to Active Directory. In the existing implementation, passwords are kept in clear-text in the database (I know this is bad, this is why we are transitioning). When a user logs into our client-side application (not a browser), the application hashes the password using an MD5 hash and sends it to the server. The server queries the database for the login supplied, hashes the clear-text password, and compares the result.

Because this is a client-side application, it takes time to upgrade all of our clients (could be months). So, we would like to support both authentication methods until clients are fully transitioned over.

One way of doing this would be to have a single Active Directory user have two passwords, the real password, and an MD5 hash of the password. If they come in with either, they will be authenticated.

Can a single user support multiple passwords in Active Directory?

For example, can the real user Jon Smith have two sets of login passwords:
1. login = "jon", password = "pass1"
2. login = "jon", password = "pass2"

If Jon passes in either of these at login time, he will be successfully authenticated.

Thanks
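The scheme described in the question (legacy client sends an MD5 digest; the server hashes a stored clear-text password and compares) can be bridged to a single directory password without keeping clear-text in the database. The following is an added example, not code from the question or the answer: it assumes a one-time migration step that replaces each stored clear-text password with a salted PBKDF2 wrapper over the MD5 digest the legacy client sends, and a hypothetical `ad_bind(login, password)` callable standing in for a real directory bind (a stub dictionary here, constructed for the example). New clients send the real password and are checked against the directory; legacy clients are checked against the wrapper until the legacy path is retired per user.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# Assumption for this example: PBKDF2 iteration count for the legacy wrapper.
PBKDF2_ROUNDS = 100_000


def legacy_client_digest(password: str) -> str:
    """What the legacy client sends today: hex MD5 of the password (from the question)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def wrap_legacy_digest(md5_hex: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Server side: salted PBKDF2 over the legacy MD5 digest.

    Storing this instead of the clear-text password (or the bare MD5 digest)
    means a copy of the table is no longer directly usable as a credential.
    """
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", md5_hex.encode("ascii"), salt, PBKDF2_ROUNDS)
    return salt, dk


@dataclass
class UserRecord:
    login: str
    legacy_salt: Optional[bytes]  # None once the legacy path is retired for this user
    legacy_hash: Optional[bytes]


def migrate_record(login: str, clear_text_password: str) -> UserRecord:
    """One-time migration: derive the wrapper from the old clear-text value, then drop it."""
    salt, dk = wrap_legacy_digest(legacy_client_digest(clear_text_password))
    return UserRecord(login=login, legacy_salt=salt, legacy_hash=dk)


def retire_legacy(user: UserRecord) -> None:
    """Called once the user's client has been upgraded; only the directory password remains."""
    user.legacy_salt = None
    user.legacy_hash = None


def verify_legacy(user: UserRecord, md5_hex: str) -> bool:
    """Legacy path: recompute the wrapper and compare in constant time."""
    if user.legacy_salt is None or user.legacy_hash is None:
        return False
    _, dk = wrap_legacy_digest(md5_hex, user.legacy_salt)
    return hmac.compare_digest(dk, user.legacy_hash)


def authenticate(user: UserRecord, client_kind: str, credential: str,
                 ad_bind: Callable[[str, str], bool]) -> bool:
    """Dual-path check for the transition period.

    client_kind "legacy": credential is the MD5 digest sent by the old client.
    client_kind "new":    credential is the real password, checked by a directory bind.
    The legacy path cannot call the directory because it never sees the clear text;
    that is the limitation behind the question's request for a second password.
    """
    if client_kind == "legacy":
        return verify_legacy(user, credential)
    if client_kind == "new":
        return ad_bind(user.login, credential)
    return False


# Constructed stand-in for a directory bind (hypothetical; not an AD API).
_FAKE_DIRECTORY: Dict[str, str] = {"jon": "pass1"}


def fake_ad_bind(login: str, password: str) -> bool:
    stored = _FAKE_DIRECTORY.get(login)
    return stored is not None and hmac.compare_digest(stored, password)


if __name__ == "__main__":
    jon = migrate_record("jon", "pass1")
    print("legacy ok :", authenticate(jon, "legacy", legacy_client_digest("pass1"), fake_ad_bind))
    print("new ok    :", authenticate(jon, "new", "pass1", fake_ad_bind))
    retire_legacy(jon)
    print("legacy off:", authenticate(jon, "legacy", legacy_client_digest("pass1"), fake_ad_bind))
```

The wrapper only raises the cost of offline guessing; an intercepted MD5 digest is still replayable for as long as that user's legacy path is enabled, so the per-user `retire_legacy` step is the part that actually ends the weaker scheme.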

Best Answer

The answer to this is basically, no. AD allows only one password per user account. Because AD has the user name and the pre-2000 username, I suppose you could kludge together 2 usernames for one account, but it's not a good idea. Any particular reason you need this? Maybe there is a better solution to your needs?