https://bugs.openldap.org/show_bug.cgi?id=9203
Bug ID: 9203
Summary: No manual page for module 'pw-argon2'
Product: OpenLDAP
Version: 2.5
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: contrib
Assignee: bugs@openldap.org
Reporter: peter@adpm.de
Target Milestone: ---
Created attachment 698 --> https://bugs.openldap.org/attachment.cgi?id=698&action=edit add manual page to pw-argon2 contrib module
Hi,
the pw-argon2 password module lacks a manual page.
Please find attached patches to upstream to fix the issue.
I'd appreciate if you include them into OpenLDAP.
The referenced files are derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Peter Marschall peter@adpm.de. I have not assigned rights and/or interest in this work to any party.
The referenced modifications to OpenLDAP Software are subject to the following notice: Copyright 2015 Peter Marschall Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License.
--- Comment #1 from peter@adpm.de peter@adpm.de ---
Created attachment 699 --> https://bugs.openldap.org/attachment.cgi?id=699&action=edit update README to pw-argon2's name change
--- Comment #2 from Quanah Gibson-Mount quanah@openldap.org ---
Hi Peter,
I would note that you can now go to git.openldap.org (running gitlab), create your own login, fork openldap, and create a merge request for changes.
I'm still working on the documentation for the new process but thought you might like to know.
Also the date on your IPR statement seems.. odd. It says 2015, 5 years ago...
Regards, Quanah
Quanah Gibson-Mount quanah@openldap.org changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
    Ever confirmed|0                           |1
            Status|UNCONFIRMED                 |CONFIRMED
--- Comment #3 from Ryan Tandy ryan@openldap.org ---
Not mentioned here (or I guess in README) is that Ondřej made pw-argon2 configurable via parameters specified at load time.
https://git.openldap.org/openldap/openldap/-/commit/af5ed7c6e27d596dbed440c9...
e.g.
olcModuleLoad: pw-argon2 m=8192 t=5 p=3
m= Argon2 memory limit (in KiB if built against the reference impl, in bytes if built against libsodium)
t= iterations
p= parallelism (thread count for reference impl, ignored with libsodium)
Not a blocker for applying the patch, just making the note.
--- Comment #4 from peter@adpm.de peter@adpm.de ---
Created attachment 701 --> https://bugs.openldap.org/attachment.cgi?id=701&action=edit document options implemented
--- Comment #5 from Ondřej Kuzník ondra@mistotebe.net ---
It was intended that the m=,t=,p= parameters equal the crypt form for new hashes where possible. IIRC, couldn't find a way to let libsodium know what the desired p= value should be.
If there's any discrepancy between the provided value and the final parameters (except for p= above), that's a bug and should be fixed.
--- Comment #6 from peter@adpm.de peter@adpm.de ---
(In reply to Ondřej Kuzník from comment #5)
> It was intended that the m=,t=,p= parameters equal the crypt form for new hashes where possible. IIRC, couldn't find a way to let libsodium know what the desired p= value should be.
> If there's any discrepancy between the provided value and the final parameters (except for p= above), that's a bug and should be fixed.
See ITS#9206 to get the m= parameter aligned between libsodium & libargon2.
--- Comment #7 from peter@adpm.de peter@adpm.de ---
Update to the IPR (fixing the copy&paste error in the Copyright):
The referenced files are derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Peter Marschall peter@adpm.de. I have not assigned rights and/or interest in this work to any party.
The referenced modifications to OpenLDAP Software are subject to the following notice: Copyright 2020 Peter Marschall Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License
--- Comment #8 from peter@adpm.de peter@adpm.de ---
Hi Quanah,
On Monday, 6 April 2020 18:57:21 CEST wrote:
> I would note that you can now go to git.openldap.org (running gitlab), create your own login, fork openldap, and create a merge request for changes. I'm still working on the documentation for the new process but thought you might like to know.
I am waiting for the documentation ;-) Until then you can merge the patches, which are in git format, using 'git am' and get them properly committed (with original commit message, the correct author, ...)
> Also the date on your IPR statement seems.. odd. It says 2015, 5 years ago...
Copy pasta: fixed in a comment.
Ryan Tandy ryan@openldap.org changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
          See Also|                            |https://bugs.openldap.org/show_bug.cgi?id=9206
--- Comment #9 from Ryan Tandy ryan@openldap.org ---
I don't know whether it's worth noting, but the defaults still differ by implementation:
- libargon2: m=4096, t=3, p=1
- libsodium: m=65535, t=2, p=1
and anyway those could still change with future versions (in libsodium's case: even when recompiled with a newer libsodium)... perhaps it should just say that the defaults are determined at compile time?
Ryan Tandy ryan@openldap.org changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
            Status|CONFIRMED                   |IN_PROGRESS
--- Comment #10 from Ryan Tandy ryan@openldap.org ---
https://git.openldap.org/openldap/openldap/-/merge_requests/25
--- Comment #11 from Ondřej Kuzník ondra@mistotebe.net ---
I didn't think defaults being different really mattered and just picked those suggested by each implementation. These parameters are then stored in the hash if we're generating a new one and both know how to use it from there when verifying an existing one.
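Added example (not part of the thread and not OpenLDAP code): a Python check that compares the m=, t=, p= values stored in an Argon2 encoded hash with those given on the olcModuleLoad line, following the unit and p= behaviour described in comments #3 and #5. The function names, the `impl` argument, the `{ARGON2}` scheme prefix and the sample values are assumptions made for illustration.

```python
import re

# Argon2 encoded ("crypt") form; an optional LDAP scheme tag such as {ARGON2} is assumed.
ENCODED = re.compile(
    r"^(?:\{[A-Za-z0-9-]+\})?\$(argon2(?:id|i|d))\$(?:v=\d+\$)?"
    r"m=(\d+),t=(\d+),p=(\d+)\$[A-Za-z0-9+/]+\$[A-Za-z0-9+/]+$"
)

def parse_module_args(line):
    """Read m=, t=, p= from an olcModuleLoad value; a missing key means 'library default'."""
    tokens = line.split(":", 1)[-1].split()
    args = {}
    for tok in tokens[1:]:  # tokens[0] is the module name
        key, sep, val = tok.partition("=")
        if sep and key in ("m", "t", "p") and val.isdigit():
            args[key] = int(val)
    return args

def parse_hash(value):
    """Return the cost parameters stored in an encoded hash, or None if it is not Argon2."""
    match = ENCODED.match(value.strip())
    if not match:
        return None
    variant, m, t, p = match.groups()
    return {"variant": variant, "m": int(m), "t": int(t), "p": int(p)}

def expected_params(args, impl):
    """Map load-time arguments to the values a newly generated hash should carry."""
    want = dict(args)
    if impl == "libsodium":          # behaviour as described in comments #3 and #5
        if "m" in want:
            want["m"] //= 1024       # module takes bytes; the encoded form stores KiB
        want.pop("p", None)          # p= is ignored with libsodium
    return want

def discrepancies(value, args, impl):
    """List parameters whose stored value differs from the configured one."""
    stored = parse_hash(value)
    if stored is None:
        return ["not an Argon2 encoded hash"]
    want = expected_params(args, impl)
    return [f"{k}: configured {want[k]}, stored {stored[k]}"
            for k in ("m", "t", "p") if k in want and stored[k] != want[k]]

# Constructed sample values (salt and digest are placeholders, not real hashes).
CONFIG = "olcModuleLoad: pw-argon2 m=8192 t=5 p=3"
NEW_HASH = "{ARGON2}$argon2i$v=19$m=8192,t=5,p=3$c2FsdHNhbHRzYWx0$cGxhY2Vob2xkZXJkaWdlc3Q"
OLD_HASH = "{ARGON2}$argon2i$v=19$m=4096,t=3,p=1$c2FsdHNhbHRzYWx0$cGxhY2Vob2xkZXJkaWdlc3Q"
for sample in (NEW_HASH, OLD_HASH):
    print(discrepancies(sample, parse_module_args(CONFIG), "libargon2"))
```

A hash keeps the parameters that were in effect when it was generated, so a mismatch is only meaningful for hashes created after the module was loaded with the arguments being checked.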
--- Comment #12 from Ryan Tandy ryan@openldap.org ---
(In reply to Ondřej Kuzník from comment #11)
> I didn't think defaults being different really mattered and just picked those suggested by each implementation.
That's fine and not a problem at all, just that the proposed man page currently documents the Argon2 defaults, and would be misleading when compiled against libsodium. Personally I'm inclined to fix that by just not documenting the default values.
Quanah Gibson-Mount quanah@openldap.org changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
  Target Milestone|---                         |2.5.0
--- Comment #13 from Quanah Gibson-Mount quanah@openldap.org ---
Commits:

• 5c20342b by Peter Marschall at 2020-04-14T09:26:19-07:00
  ITS#9203 contrib/passwd/argon2: add manual page

  Add manual page slapd-pw-argon2.5 and make sure it gets installed.

  Signed-off-by: Peter Marschall peter@adpm.de

• 2be4576a by Ryan Tandy at 2020-04-14T09:26:19-07:00
  ITS#9203 slapd-argon2 -> pw-argon2

  Based on initial patch by Peter Marschall.

• feb6f21d by Ryan Tandy at 2020-04-14T09:26:19-07:00
  ITS#9203 Remove default values from slapd-pw-argon2.5

  The defaults vary by crypto library and possibly even version, so it's not worth trying to keep them accurate.
Ryan Tandy ryan@openldap.org changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
        Resolution|---                         |TEST
            Status|IN_PROGRESS                 |RESOLVED
Quanah Gibson-Mount quanah@openldap.org changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
        Resolution|TEST                        |FIXED
  Target Milestone|2.5.0                       |2.4.50
Quanah Gibson-Mount quanah@openldap.org changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
            Status|RESOLVED                    |VERIFIED