[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: password hashes
Howard Chu wrote:
Brandon McCombs wrote:
I'm gathering from reading various sites that openldap doesn't allow
a person to specify multiple hash algorithms in the slapd.conf file.
Is this correct?
Gathering info from various sites around the web is a bad idea, when
the info is plainly available in the OpenLDAP documentation, in this
case the slapd.conf(5) manpage:
password-hash <hash> [<hash>...]
This option configures one or more hashes to be used in generation
of user passwords stored in the userPassword attribute during
processing of LDAP Password Modify Extended Operations (RFC 3062).
As usual - it's great that people want to help out and write up their
experiences using the software. It would be better if they actually
brought their writeups back into the Project (e.g., submissions to
ITS) so that they could be checked for accuracy, and eventually merged
into the Project's own doc offerings and regularly maintained. The
vast majority of 3rd party docs on the web is either outdated and no
longer correct, or was never correct in the first place. Until people
realize that going off on their own to write something is
self-defeating (that goes for both code and documentation) they're
only going to do more harm than good. The community works because we
all learn from each other and all of our work improves as a result.
Working outside of the community will only generate dead ends.
The info I found never explicitly stated either way whether multiple
hashes could be listed but since the info I found would only list one
hash in the examples I had to assume that multiple hashes weren't
allowed since the text wouldn't claim otherwise. I didn't have access
to the manpage on my local setup so thanks for the information Howard.