Re: Openldap support SHA-256 or SHA-3.

[Giuseppe De Marco <giuseppe.demarco@unical.it>]

Ho

I made SSHA512 as default this way

	dn: olcDatabase={-1}frontend,cn=config
	replace: olcPasswordHash
	olcPasswordHash: SSHA512
	EOF

Once pw-sha2 module was loaded

https://github.com/peppelinux/ansible-slapd-eduperson2016/blob/master/roles/slapd_configure/templates/modules/pw-sha2.ldif

Il mar 7 gen 2020, 21:24 Quanah Gibson-Mount <quanah@symas.com> ha scritto:

--On Tuesday, January 7, 2020 11:52 AM -0800 rammohan ganapavarapu
<rammohanganap@gmail.com> wrote:

>
> Quanah,
>
>
> Thanks for the quick reply, is there any plans to make SSHA512 default?

No.  As I said, SHA1 is mandated by RFC.

> also is there any migration steps to move from SHA-1 to SSHA512 ?

After deploying the sha2 module, all users must change their password so
the hash gets updated.  There is no way to magically convert existing
hashes from SSHA1 to another scheme.

--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>