Re: Change Default ssha password encryption algorithm
On 25/08/2016 at 18:12, Net Warrior wrote:
> Hi Guys
> I need some guidance on this, I configured a ppolicy for a DIT which
> has all the users in plain password, I added the following to the policy
>
> changetype: modify
> replace: olcPPolicyHashCleartext
> olcPPolicyHashCleartext: FALSE
>
> When the user resets their password, it changes from clear password to
> encrypted using ssha but I want to store them using md5crypt, what do
> I need to change in my configuration?

See olcPasswordHash parameter.

From man slapd-config:

olcPasswordHash: <hash> [<hash>...]
    This option configures one or more hashes to be used in generation of user passwords stored in the userPassword attribute during processing of LDAP Password Modify Extended Operations (RFC 3062). The <hash> must be one of {SSHA}, {SHA}, {SMD5}, {MD5}, {CRYPT}, and {CLEARTEXT}. The default is {SSHA}.

    {SHA} and {SSHA} use the SHA-1 algorithm (FIPS 160-1), the latter with a seed.

    {MD5} and {SMD5} use the MD5 algorithm (RFC 1321), the latter with a seed.

    {CRYPT} uses the crypt(3).

    {CLEARTEXT} indicates that the new password should be added to userPassword as clear text.

    Note that this option does not alter the normal user applications handling of userPassword during LDAP Add, Modify, or other LDAP operations. This setting is only allowed in the frontend entry.

--
Clément OUDOT
Free software consultant, infrastructure and security expert
Savoir-faire Linux
87, rue de Turbigo - 75003 PARIS
Blog: http://sflx.ca/coudot
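
Added example, not part of the original message and not OpenLDAP code: the {SHA}, {SSHA}, {MD5} and {SMD5} schemes from the man page excerpt, stored as a scheme prefix plus base64(digest || salt), together with a count of which scheme each userPassword value uses. The function names, the 8-byte salt and the sample entries are assumptions made for illustration; values are assumed to be already decoded from LDIF, and {CRYPT} values are counted but not verified.

```python
import base64
import hashlib
import hmac
import os

# scheme -> (hashlib name, digest length, salted), per the man page excerpt
SCHEMES = {"{SHA}": ("sha1", 20, False), "{SSHA}": ("sha1", 20, True),
           "{MD5}": ("md5", 16, False), "{SMD5}": ("md5", 16, True)}

def make_hash(scheme, password, salt=None):
    """Build a userPassword value: prefix + base64(digest || salt)."""
    algo, _, salted = SCHEMES[scheme]
    if not salted:
        salt = b""
    elif salt is None:
        salt = os.urandom(8)  # salt length is an assumption of this example
    digest = hashlib.new(algo, password + salt).digest()
    return scheme + base64.b64encode(digest + salt).decode("ascii")

def split_scheme(value):
    """Return (scheme, rest); a value with no {SCHEME} prefix is cleartext."""
    if value.startswith("{") and "}" in value:
        end = value.index("}") + 1
        return value[:end].upper(), value[end:]
    return "{CLEARTEXT}", value

def verify(value, password):
    """Check a candidate password (bytes) against a stored value."""
    scheme, rest = split_scheme(value)
    if scheme == "{CLEARTEXT}":
        return hmac.compare_digest(rest.encode(), password)
    if scheme not in SCHEMES:
        raise ValueError("not handled in this example: " + scheme)
    algo, dlen, _ = SCHEMES[scheme]
    raw = base64.b64decode(rest)
    digest, salt = raw[:dlen], raw[dlen:]  # the salt follows the digest
    expected = hashlib.new(algo, password + salt).digest()
    return hmac.compare_digest(expected, digest)

def audit(entries):
    """Count schemes in use so entries still stored in cleartext stand out."""
    counts = {}
    for value in entries.values():
        scheme = split_scheme(value)[0]
        counts[scheme] = counts.get(scheme, 0) + 1
    return counts

# Constructed sample data: uid -> decoded userPassword value
SAMPLE = {"alice": make_hash("{SSHA}", b"s3cret"), "bob": "hunter2",
          "carol": make_hash("{SMD5}", b"s3cret"), "dave": "{CRYPT}$1$placeholder"}
print(audit(SAMPLE))
```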