I'd argue that slappassword shouldn't read the configuration and hence not support
'contributed' hash mechanisms.
But if you are going to make slappassword read the configuration, then it needs to be
restricted to only users who have read access to the configuration.
I have no real opinion about whether SHA-2 should or shouldn't be in the core set of
hashes... but personally I rather push folks towards SCRAM compatible hashes than the same
poor usages of newer hash algorithms.
Show replies by thread