[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: PAM authentication and PPolicy issues

To: Francesco Belli <Francesco.Belli@vegaspace.com>
Subject: Re: PAM authentication and PPolicy issues
From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
Date: Wed, 20 Jun 2012 21:03:29 +0100
Cc: Patrick Hemmer <openldap@stormcloud9.net>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Content-disposition: inline
In-reply-to: <FC230C66F47C8543B026F265E1E91D5823703BAD@GEDASPW05.a.space.corp>
References: <FC230C66F47C8543B026F265E1E91D5823703AA7@GEDASPW05.a.space.corp> <CAK_oV48aHMMvG9zY+VVJORm1=XG6k3X+x-Eom3X4DjOuO9E+1g@mail.gmail.com> <FC230C66F47C8543B026F265E1E91D5823703ADD@GEDASPW05.a.space.corp> <CAK_oV48y1RUyTPZuGojju8WZ-e4KhNGdjFKeVG00dbMO9mYz+A@mail.gmail.com> <4FE1CD61.2030006@stormcloud9.net> <FC230C66F47C8543B026F265E1E91D5823703BAD@GEDASPW05.a.space.corp>
User-agent: Mutt/1.5.21 (2010-09-15)

On Wed, Jun 20, 2012 at 01:44:05PM +0000, Francesco Belli wrote:

> Now Iâm using http://
> www.openldap.org/software/man.cgi?query=slapo-ppolicy&apropos=0&sektion=5&
> manpath=OpenLDAP+2.3-Release&format=html as reference for ppolicy. My

The 2.3 release series is very old now. You should be using 2.4 and
the 2.4 manuals:

	http://www.openldap.org/software/man.cgi

> Iâm testing with SHA stored passwords the pwdInHistory directive.

SHA is much better than plaintext, but best practice is to use a
salted hash - SSHA in this case. The use of salt frustrates attempts
to build a dictionary to invert stolen password records. If LinkedIn
had used salt in their password hashes they would now be in less
trouble as a result of the recent disclosure...

	https://community.qualys.com/blogs/securitylabs/2012/06/08/lessons-learned-from-cracking-2-million-linkedin-passwords

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------

References:
- PAM authentication and PPolicy issues
  - From: Francesco Belli <Francesco.Belli@vegaspace.com>
- Re: PAM authentication and PPolicy issues
  - From: Clément OUDOT <clem.oudot@gmail.com>
- Re: PAM authentication and PPolicy issues
  - From: Clément OUDOT <clem.oudot@gmail.com>
- Re: PAM authentication and PPolicy issues
  - From: Patrick Hemmer <openldap@stormcloud9.net>
- RE: PAM authentication and PPolicy issues
  - From: Francesco Belli <Francesco.Belli@vegaspace.com>

Prev by Date: Re: authentication problem
Next by Date: Re: adding schema to master
Index(es):
- Chronological
- Thread