24 Feb
2017
24 Feb
'17
12:06 p.m.
Quanah Gibson-Mount wrote:
I think it would be wise to update OpenLDAP to a different default for userPassword.
Yes!
We currently have the Contrib SHA2 module,
SHA-2 hashes with one round are also way too fast to be a good password hash algorithm.
It may be time to move the SHA2 module into core,
Yes, but there should be something stronger.
How about moving ./contrib/slapd-modules/passwd/pbkdf2 to core?
Ciao, Michael.