Re: password hashes

[Brandon McCombs <bmccombs@ma.rr.com>]

Howard Chu wrote:
> Brandon McCombs wrote:
> > I'm gathering from reading various sites that openldap doesn't allow 
> > a person to specify multiple hash algorithms in the slapd.conf file. 
> > Is this correct?
>
> Gathering info from various sites around the web is a bad idea, when 
> the info is plainly available in the OpenLDAP documentation, in this 
> case the slapd.conf(5) manpage:
>
> password-hash <hash> [<hash>...]
>     This option configures one or more hashes to be used in generation 
> of user passwords stored in the userPassword attribute during 
> processing of LDAP Password Modify Extended Operations (RFC 3062).
>
> As usual - it's great that people want to help out and write up their 
> experiences using the software. It would be better if they actually 
> brought their writeups back into the Project (e.g., submissions to 
> ITS) so that they could be checked for accuracy, and eventually merged 
> into the Project's own doc offerings and regularly maintained. The 
> vast majority of 3rd party docs on the web is either outdated and no 
> longer correct, or was never correct in the first place. Until people 
> realize that going off on their own to write something is 
> self-defeating (that goes for both code and documentation) they're 
> only going to do more harm than good. The community works because we 
> all learn from each other and all of our work improves as a result. 
> Working outside of the community will only generate dead ends.
The info I found never explicitly stated either way whether multiple 
hashes could be listed but since the info I found would only list one 
hash in the examples I had to assume that multiple hashes weren't 
allowed since the text wouldn't claim otherwise.   I didn't have access 
to the manpage on my local setup so thanks for the information Howard.