Hi all. Could you please tell me if my logic is correct in relation to password salting?
I have Moodle installed on a couple of Windows 2008 R2 servers on IIS/PHP/MySQL and at this stage I have not set up password salting. We use LDAP authentication for all users linking into a MS AD domain controller. With this environment Moodle checks the passwords against AD rather than storing passwords in its own db. So I my logic is that password salting would not assist security. Is this right?
I was also concerned that if salting applies the information and tries to pass this back to AD that it might course issues with AD. Should I be concerned?
So do I add password salt?