PBKDF2 for OpenLDAP
- To: openldap-technical@openldap.org
- Subject: PBKDF2 for OpenLDAP
- From: Tsukasa HAMANO <hamano@osstech.co.jp>
- Date: Fri, 08 Nov 2013 16:13:07 +0900
- User-agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (Gojō) APEL/10.8 EasyPG/1.0.0 Emacs/24.3 (x86_64-unknown-linux-gnu) MULE/6.0 (HANACHIRUSATO)
Hi,
I was concerned that OpenLDAP has no modern key derivation function.
(It seems eglibc's crypt(3) has bcrypt, but it depends on the environment.)
So I just implemented a PBKDF2 module for OpenLDAP.
https://github.com/hamano/openldap-pbkdf2
# Installation
$ cd <OPENLDAP_BUILD_DIR>/contrib/slapd-modules/passwd/
$ git clone https://github.com/hamano/openldap-pbkdf2.git
$ cd openldap-pbkdf2/
$ make
# make install
in slapd.conf:
moduleload pw-pbkdf2.so
password-hash {PBKDF2}
# Usage
$ slappasswd -o module-load=pw-pbkdf2.la -h {PBKDF2} -s secret
{PBKDF2}60000$Y6ZHtTTbeUgpIbIW0QDmDA$j/aU7jFKUSbH4UobNQDm9OEIwuw
This format is compatible with Python's passlib.hash.ldap_pbkdf2_sha1
http://pythonhosted.org/passlib/lib/passlib.hash.ldap_pbkdf2_digest.html
Also, I have a roadmap to implement the {PBKDF2-SHA256} and
{PBKDF2-SHA512} schemes in the future.
Could you merge the module into contrib/ directory?
Thank you.
--
Open Source Solution Technology Corporation
HAMANO Tsukasa <hamano@osstech.co.jp>
fingerprint = 2285 2111 6D34 3816 3C2E A5B9 16BE D101 6069 BE55
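
Added example, not part of the original message or of the openldap-pbkdf2 module: Python code that parses and checks values in the {PBKDF2} layout shown above. It assumes the passlib ldap_pbkdf2_sha1 conventions the message refers to (PBKDF2-HMAC-SHA1, 20-byte digest, base64 with "." in place of "+" and no padding); all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import os
import re

SCHEME = "{PBKDF2}"
# Hash string quoted in the message above (slappasswd output).
PAGE_SAMPLE = "{PBKDF2}60000$Y6ZHtTTbeUgpIbIW0QDmDA$j/aU7jFKUSbH4UobNQDm9OEIwuw"
FIELD = re.compile(r"[A-Za-z0-9./]+")


def ab64_encode(raw: bytes) -> str:
    """Base64 with '.' in place of '+' and no '=' padding (passlib's ab64)."""
    return base64.b64encode(raw).decode("ascii").rstrip("=").replace("+", ".")


def ab64_decode(text: str) -> bytes:
    if not FIELD.fullmatch(text) or len(text) % 4 == 1:
        raise ValueError("not adapted base64")
    return base64.b64decode(text.replace(".", "+") + "=" * (-len(text) % 4))


def parse(stored: str):
    """Split '{PBKDF2}rounds$salt$digest' into (rounds, salt, digest)."""
    if not stored.startswith(SCHEME):
        raise ValueError("not a {PBKDF2} value")
    rounds, salt, digest = stored[len(SCHEME):].split("$")
    if not rounds.isdigit() or int(rounds) < 1:
        raise ValueError("bad round count")
    raw_digest = ab64_decode(digest)
    if len(raw_digest) != 20:  # SHA-1 output size; reject truncated digests
        raise ValueError("bad digest length")
    return int(rounds), ab64_decode(salt), raw_digest


def make_hash(password: str, rounds: int = 60000, salt: bytes = b"") -> str:
    salt = salt or os.urandom(16)  # random 16-byte salt unless one is supplied
    dk = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, rounds, dklen=20)
    return f"{SCHEME}{rounds}${ab64_encode(salt)}${ab64_encode(dk)}"


def verify(password: str, stored: str) -> bool:
    try:
        rounds, salt, digest = parse(stored)
    except ValueError:
        return False  # malformed values never authenticate
    dk = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, rounds, dklen=20)
    return hmac.compare_digest(dk, digest)  # constant-time comparison
```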