Re: password hashes

[Howard Chu <hyc@symas.com>]

Brandon McCombs wrote:
> I'm gathering from reading various sites that openldap doesn't allow a 
> person to specify multiple hash algorithms in the slapd.conf file. Is 
> this correct?

Gathering info from various sites around the web is a bad idea, when the info 
is plainly available in the OpenLDAP documentation, in this case the 
slapd.conf(5) manpage:

password-hash <hash> [<hash>...]
    This option configures one or more hashes to be used in generation of 
user passwords stored in the userPassword attribute during processing of LDAP 
Password Modify Extended Operations (RFC 3062).

As usual - it's great that people want to help out and write up their 
experiences using the software. It would be better if they actually brought 
their writeups back into the Project (e.g., submissions to ITS) so that they 
could be checked for accuracy, and eventually merged into the Project's own 
doc offerings and regularly maintained. The vast majority of 3rd party docs 
on the web is either outdated and no longer correct, or was never correct in 
the first place. Until people realize that going off on their own to write 
something is self-defeating (that goes for both code and documentation) 
they're only going to do more harm than good. The community works because we 
all learn from each other and all of our work improves as a result. Working 
outside of the community will only generate dead ends.
--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  Chief Architect, OpenLDAP     http://www.openldap.org/project/