[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenSSL Password hash method.

To: Pierrick Hascoet <pierrick.hascoet@alias.fr>
Subject: Re: OpenSSL Password hash method.
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 09 Jun 2000 13:50:42 -0700
Cc: openldap-devel@OpenLDAP.org
In-reply-to: <Pine.LNX.4.10.10006091559070.3810-100000@ns0.alias.fr>

At 04:23 PM 6/9/00 +0000, Pierrick Hascoet wrote:
>I'm new on this list, and would like to contribute to the OpenLDAP
>project.

Feel free.

>I've read the liblutil code source and think that the passwd hash
>method should be implemented with the OpenSSL library which provide a good
>API and lots of supported crypto scheme to do that.

The current code natively supports SHA1 (seeded or not), MD5
(seeded or not), and crypt(3) hashed passwords [as well as
a number of external password stores].   The code could be
extended to support additional hash algorithms and implementations
could be dependent on OpenSSL.  However,  I rather not depend
the basic hash mechanisms on OpenSSL as this would limit OpenLDAP
to OpenSSL supported platforms

>The dark side of this thing is that some parts of OpenLDAP will be linked
>with OpenSSL.

Exactly.  We should (and do) use OpenSSL where appropriate, but
OpenLDAP should be able to operate (securely) without OpenSSL.

>But the library would be used next for the SSL and TLS
>support  ...

Already implemented.  And I suspect we'll be able to use
alternative TLS implementations as well.  OpenSSL is good,
but it's not right for everyone.

Kurt

References:
- OpenSSL Password hash method.
  - From: Pierrick Hascoet <pierrick@alias.fr>

Prev by Date: Re: IPv6 detection
Next by Date: Re: openldap on alpha (fwd)
Index(es):
- Chronological
- Thread