[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Openldap support SHA-256 or SHA-3.
- To: rammohan ganapavarapu <rammohanganap@gmail.com>
- Subject: Re: Openldap support SHA-256 or SHA-3.
- From: Quanah Gibson-Mount <quanah@symas.com>
- Date: Tue, 07 Jan 2020 12:22:05 -0800
- Cc: openldap-technical@openldap.org
- Content-disposition: inline
- Dkim-filter: OpenDKIM Filter v2.10.3 zmcc-2-mta-1.zmailcloud.com F3D21CF35E
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=symas.com; s=37C7994C-28CA-11EA-A30F-68F90BB9D764; t=1578428527; bh=63E8u2SCBhR/8pOH5ltcyxzn7A5zr9UuPlspkoDySPo=; h=Date:From:To:Message-ID:MIME-Version; b=dB3EutriDpskueVdqDY5ZUJ0PROXoh+Bh5o0S9HDvaLzrLPY9Xtu6caQLoqHY0jwy BhjmoSU/mvt2mWBvEJw/hST1cNKbExB8C9iaorq0rjRC/6w8pX3yC+lJcEZ9o7h/EU 16Z/jpOwnN6VxlwStEdly9aeRpFuVl+SlnRodd1OulM/pEuC1ZH7iucrFN00Boefi0 ynWZA19O9/r2GT6SQwePJv9PY5vj7mxZrj1ptbfKQibn/V2DYAAGWtIwVKk77v0TB0 gXGqP8BxNfDuBwlF2K0IctnpS4J4UxvIvZxX/DksWassq4gxm7c3RyptrMskPHfVts HzUE8gbBjvLPA==
- In-reply-to: <CALm_Vji=Mok7kkZ96+EEAu_Osw0rVjBANBrdejKFs=fEr--3HQ@mail.gmail.com>
- References: <CALm_Vjh4vgOBu8kZrJzRheAyqbZVL0OoE-nRAvc1z+nb-Eow9Q@mail.gmail.com> <67753E9A5A2A2945F035E0CC@192.168.1.144> <CALm_Vji=Mok7kkZ96+EEAu_Osw0rVjBANBrdejKFs=fEr--3HQ@mail.gmail.com>
--On Tuesday, January 7, 2020 11:52 AM -0800 rammohan ganapavarapu
<rammohanganap@gmail.com> wrote:
Quanah,
Thanks for the quick reply, is there any plans to make SSHA512 default?
No. As I said, SHA1 is mandated by RFC.
also is there any migration steps to move from SHA-1 to SSHA512 ?
After deploying the sha2 module, all users must change their password so
the hash gets updated. There is no way to magically convert existing
hashes from SSHA1 to another scheme.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>