[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Antw: Re: Openldap support SHA-256 or SHA-3.

To: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>, giuseppe.demarco@unical.it
Subject: Re: Antw: Re: Openldap support SHA-256 or SHA-3.
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Tue, 14 Jan 2020 08:01:44 -0800
Cc: openldap-technical@openldap.org
Content-disposition: inline
Dkim-filter: OpenDKIM Filter v2.10.3 zmcc-2-mta-1.zmailcloud.com 07969CE697
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=symas.com; s=37C7994C-28CA-11EA-A30F-68F90BB9D764; t=1579017704; bh=6deOOkuR5lO3Zdk/W3R+WJmatTLQ1b7vm1XJVZQvgJw=; h=Date:From:To:Message-ID:MIME-Version; b=H/6Zbs2Qk+0CvAWxYe3XunJn9S1ZcrPU9rI6ha8aBMTTKzsuRjjOUx6slWJkNFkZw zF7SEgeRKnqWC++GNtsBx/pHrdUtCITLObzVEXVvOqoZsTct4sl+dJEn/lUjvIQHEv JNkNioeo4KcuWvYr9OdFqWyIMoWTSWOy1CKgJ9/5Liijm6MSKZDJPUUkQSJ8aTnD3q CM1EAy75ofOMnmxAi7m/VTlumxpx9q3RUDFfvITdK229GntqTTz/M9hJ1mj58yIRcz Am91NQct+KkW4n93hwKQm6ikJ82yXVbkgVji7vIt2zqzFX+47miEejs9Nval/Jykms q6NkVvS/5+U/w==
In-reply-to: <5E1D76E8020000A1000364BB@gwsmtp.uni-regensburg.de>
References: <CALm_Vjh4vgOBu8kZrJzRheAyqbZVL0OoE-nRAvc1z+nb-Eow9Q@mail.gmail. com> <67753E9A5A2A2945F035E0CC@192.168.1.144> <CALm_Vji=Mok7kkZ96+EEAu_Osw0rVjBANBrdejKFs=fEr--3HQ@mail.gmail.com> <1C6038D9E08BE216B90B3FF4@[192.168.1.144]> <7209ad32-c522-bc3e-e863-a5ff72c18e8b@stroeder.com> <7180359711BF1270F919BD53@[192.168.1.144]> <930e4cf3-240f-155e-1cbc-c74f68b9ba3e@stroeder.com> <CABms+Yrhi7PkwV2z99T5W3i6D2jpbo8s8=GESTLYyXb5mh8jdg@mail.gmail.com> <5E1C4F5D020000A1000363EE@gwsmtp.uni-regensburg.de> <071D2235949B1A9339670C6A@[192.168.1.144]> <5E1D76E8020000A1000364BB@gwsmtp.uni-regensburg.de>

--On Tuesday, January 14, 2020 9:08 AM +0100 Ulrich Windl<Ulrich.Windl@rz.uni-regensburg.de> wrote:

The OS is completely and utterly irrelvant to the discussion. It has no
knowledge of the internal hashing mechanism used by OpenLDAP.


So you are assuming all systems are using the extended operation to
authenticate? Acually I've see code that reads the LDAP user's password
and then "combines" that with a password the user has entered.
In the former case the password encoding matters. I'm not saying the
pattern is good, but I've seen it.

Then the application is dependent on clear text passwords, not hashedpasswords, and again is irrelevant to this discussion.


--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

Follow-Ups:
- Re: Antw: Re: Openldap support SHA-256 or SHA-3.
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>

References:
- Re: Openldap support SHA-256 or SHA-3.
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Openldap support SHA-256 or SHA-3.
  - From: Michael Ströder <michael@stroeder.com>
- Re: Openldap support SHA-256 or SHA-3.
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Openldap support SHA-256 or SHA-3.
  - From: Michael Ströder <michael@stroeder.com>
- Re: Openldap support SHA-256 or SHA-3.
  - From: Giuseppe De Marco <giuseppe.demarco@unical.it>
- Antw: Re: Openldap support SHA-256 or SHA-3.
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>
- Re: Antw: Re: Openldap support SHA-256 or SHA-3.
  - From: Quanah Gibson-Mount <quanah@symas.com>
- Re: Antw: Re: Openldap support SHA-256 or SHA-3.
  - From: "Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>

Prev by Date: Antw: Re: Replication account problem
Next by Date: Re: Antw: Re: Openldap support SHA-256 or SHA-3.
Index(es):
- Chronological
- Thread