[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Modern Password Hashes in Openldap?

To: Quanah Gibson-Mount <quanah@zimbra.com>, Chris Hiestand <chiestand@salk.edu>, openldap-technical@openldap.org
Subject: Re: Modern Password Hashes in Openldap?
From: Michael Ströder <michael@stroeder.com>
Date: Tue, 30 Apr 2013 08:21:30 +0200
In-reply-to: <516730EB8E9CC57C9DDD0F91@[192.168.1.26]>
References: <235D6052-E1CD-41E3-92EF-191350F16439@salk.edu> <516730EB8E9CC57C9DDD0F91@[192.168.1.26]>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0 SeaMonkey/2.17.1

Quanah Gibson-Mount wrote:
> --On Monday, April 29, 2013 3:28 PM -0700 Chris Hiestand <chiestand@salk.edu>
> wrote:
> 
>> Since SSHA-1 is weak these days I'd like to switch to PBKDF2, Bcrypt or
>> the like with key stretching. Since Openldap does not support relatively
>> strong hashes, do you guys use SASL to store stronger hashes? If so, what
>> kind of backend are you using to store hashes?
> 
> I would suggest you look at the contrib password module, which supports a
> number of schemes.

To be more precise:
One could use the sources in contrib/slapd-modules/passwd/ as a template for
implementing PBKDF2, Bcrypt, etc. schemes. There are no such implementations yet.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

References:
- Modern Password Hashes in Openldap?
  - From: Chris Hiestand <chiestand@salk.edu>
- Re: Modern Password Hashes in Openldap?
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Re: Modern Password Hashes in Openldap?
Next by Date: Re: Chaining stops working after slapd restart
Index(es):
- Chronological
- Thread