Re: OpenSSL Password hash method.
At 04:23 PM 6/9/00 +0000, Pierrick Hascoet wrote:
>I'm new on this list, and would like to contribute to the OpenLDAP
>project.
Feel free.
>I've read the liblutil source code and think that the passwd hash
>method should be implemented with the OpenSSL library, which provides a good
>API and lots of supported crypto schemes to do that.
The current code natively supports SHA1 (seeded or not), MD5
(seeded or not), and crypt(3) hashed passwords [as well as
a number of external password stores]. The code could be
extended to support additional hash algorithms and implementations
could be dependent on OpenSSL. However, I'd rather not make
the basic hash mechanisms depend on OpenSSL, as this would limit
OpenLDAP to OpenSSL-supported platforms.
>The dark side of this thing is that some parts of OpenLDAP will be linked
>with OpenSSL.
Exactly. We should (and do) use OpenSSL where appropriate, but
OpenLDAP should be able to operate (securely) without OpenSSL.
>But the library would be used next for the SSL and TLS
>support ...
Already implemented. And I suspect we'll be able to use
alternative TLS implementations as well. OpenSSL is good,
but it's not right for everyone.
Kurt
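
The seeded and unseeded SHA1/MD5 password values mentioned in the reply above, shown as an added Python example that is not part of the original message and is not OpenLDAP's code. It assumes the conventional `{SHA}`/`{SSHA}`/`{MD5}`/`{SMD5}` stored layout (base64 of the digest followed by the seed); the function names and the 8-byte seed length are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

# scheme tag -> (hash constructor, digest length in bytes, seeded?)
SCHEMES = {
    "{SHA}":  (hashlib.sha1, 20, False),
    "{SSHA}": (hashlib.sha1, 20, True),
    "{MD5}":  (hashlib.md5, 16, False),
    "{SMD5}": (hashlib.md5, 16, True),
}

def make_hash(scheme, password, salt=None):
    """Build a stored value: tag + base64(digest(password + seed) + seed)."""
    algo, _, seeded = SCHEMES[scheme]
    if seeded:
        salt = os.urandom(8) if salt is None else salt  # assumed seed length
    else:
        salt = b""
    digest = algo(password + salt).digest()
    return scheme + base64.b64encode(digest + salt).decode("ascii")

def check_hash(stored, password):
    """Verify a password against a stored value; False on any malformed input."""
    end = stored.find("}")
    if not stored.startswith("{") or end < 0:
        return False
    scheme = stored[:end + 1].upper()          # scheme tags are case-insensitive
    if scheme not in SCHEMES:
        return False
    algo, dlen, seeded = SCHEMES[scheme]
    try:
        raw = base64.b64decode(stored[end + 1:], validate=True)
    except ValueError:                         # bad alphabet or padding
        return False
    digest, salt = raw[:dlen], raw[dlen:]      # seed is whatever follows the digest
    if len(digest) != dlen or seeded != bool(salt):
        return False                           # truncated, or seed missing/unexpected
    # Constant-time comparison avoids leaking how many digest bytes matched.
    return hmac.compare_digest(algo(password + salt).digest(), digest)
```

Two calls to `make_hash("{SSHA}", ...)` with the same password produce different stored values because of the random seed, while the unseeded schemes always produce the same value for a given password.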