https://bugs.openldap.org/show_bug.cgi?id=9516
Issue ID: 9516 Summary: Argon2 configuration parameters with slappasswd Product: OpenLDAP Version: 2.4.58 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs@openldap.org Reporter: gilbert.kowarzyk@servicenow.com Target Milestone: ---
It is currently possible to generate an Argon2 hash using slappasswd as follows:
slappasswd -h {ARGON2} -o module-load=pw-argon2
However, I believe that it is currently not possible to provide Argon2 configuration values for parameters "m", "t", and "p" when using slappasswd.
If it is currently possible to provide these config parameters when using slappasswd, please add documentation for how to do so.
Thanks in advance!
https://bugs.openldap.org/show_bug.cgi?id=9516
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |2.6.0
https://bugs.openldap.org/show_bug.cgi?id=9516
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution|--- |FIXED
--- Comment #1 from Quanah Gibson-Mount quanah@openldap.org --- • 8b353df0 by Ondřej Kuzník at 2021-04-14T18:17:59+01:00 ITS#9517 Add module args support to slappaswd and relevant docs
https://bugs.openldap.org/show_bug.cgi?id=9516
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED Target Milestone|2.6.0 |2.5.4
https://bugs.openldap.org/show_bug.cgi?id=9516
--- Comment #2 from Michael Ströder michael@stroeder.com --- Stuffing the Argon2 parameters into moduleload directive seems wrong to me.
IMO they should be defined by a config directive similar to password-crypt-salt-format or cn=config attribute olcPasswordCryptSaltFormat.
Suggested naming:
slapd.conf: password-argon2-params
cn=config: olcPasswordArgon2Params
Syntax of the config values could be the same like in moduleload directive.
https://bugs.openldap.org/show_bug.cgi?id=9516
--- Comment #3 from Howard Chu hyc@openldap.org --- (In reply to Michael Ströder from comment #2)
Stuffing the Argon2 parameters into moduleload directive seems wrong to me.
This is how optional params have always been passed to modules since the support for modules was added in the first place.
https://bugs.openldap.org/show_bug.cgi?id=9516
--- Comment #4 from Howard Chu hyc@openldap.org --- (In reply to Michael Ströder from comment #2)
Stuffing the Argon2 parameters into moduleload directive seems wrong to me.
IMO they should be defined by a config directive similar to password-crypt-salt-format or cn=config attribute olcPasswordCryptSaltFormat.
Suggested naming:
slapd.conf: password-argon2-params
cn=config: olcPasswordArgon2Params
Syntax of the config values could be the same like in moduleload directive.
slappasswd doesn't read any config files, so this suggestion won't work.
https://bugs.openldap.org/show_bug.cgi?id=9516
--- Comment #5 from diroots diroots@e.email --- (In reply to Howard Chu from comment #3)
(In reply to Michael Ströder from comment #2)
Stuffing the Argon2 parameters into moduleload directive seems wrong to me.
This is how optional params have always been passed to modules since the support for modules was added in the first place.
Hello howard,
one question about this possibility to define parameters with olcModuleLoad
what about the possibility to change the params?
as i read elsewhere, and tested, if i use olcModuleLoad a second time to change the params, i get the "Other (e.g., implementation specific) error (80)" error
-
openldap-its@openldap.org