--On Wednesday, January 8, 2020 10:27 AM +0100 Simone Piccardi piccardi@truelite.it wrote:
> On 08/01/20 03:05, Quanah Gibson-Mount wrote:
>> In any case, I've been advocating for several years now to get rid of SSHA as the default hashing mechanism and replace it with something that may actually have some security value.
>
> But in the current version, is it better to use the contrib module, or delegate the hashing to the C library? I'm currently using on new installs:
>
> password-hash {CRYPT}
> password-crypt-salt-format "$6$%.16s"
>
> but I'm using only Linux, I don't know if this is applicable on other OS.

The use of CRYPT may be non-portable. In addition to the SSHA2 password module, there's a module on github that allows the use of bcrypt:
https://github.com/wclarie/openldap-bcrypt/
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
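
An added example, not part of the thread and not OpenLDAP code: a small Python audit that reads an LDIF export and reports which scheme each `userPassword` value uses, including the rounds and salt length of `{CRYPT}` values such as those produced with `password-crypt-salt-format "$6$%.16s"`. The sample LDIF is constructed, the `{BCRYPT}` prefix is assumed to be what the linked bcrypt module stores, and 5000 is assumed as the sha-crypt default when no `rounds=` field is present.

```python
import base64
import re

# Constructed sample export: DNs and hash bodies are placeholders, not real data.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=com",
    "userPassword:: " + base64.b64encode(b"{SSHA}" + b"A" * 32).decode(),
    "dn: uid=bob,ou=people,dc=example,dc=com",
    "userPassword: {CRYPT}$6$abcdefghijklmnop$" + "x" * 86,
    "dn: uid=carol,ou=people,dc=example,dc=com",
    "userPassword: {CRYPT}$6$rounds=100000$abcdefgh$" + "y" * 86,
    "dn: uid=dave,ou=people,dc=example,dc=com",
    "userPassword: {BCRYPT}$2b$08$" + "z" * 53,  # assumed prefix, see lead-in
])

CRYPT_IDS = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt"}  # crypt(3) ids

def classify(value):
    """Return a short label for one userPassword value."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}(.*)", value, re.S)
    if not m:
        return "no-scheme-prefix"
    scheme, rest = m.group(1).upper(), m.group(2)
    if scheme != "CRYPT":
        return scheme
    parts = rest.split("$")  # "$6$salt$hash" -> ["", "6", "salt", "hash"]
    if len(parts) < 4 or parts[0]:
        return "CRYPT/other"  # traditional DES crypt or an unrecognised layout
    algo = CRYPT_IDS.get(parts[1], "id=" + parts[1])
    if parts[1] in ("5", "6"):
        has_rounds = parts[2].startswith("rounds=")
        rounds = parts[2][7:] if has_rounds else "5000"  # assumed sha-crypt default
        salt = parts[3] if has_rounds else parts[2]
        return f"CRYPT/{algo} rounds={rounds} salt_len={len(salt)}"
    return "CRYPT/" + algo

def audit(ldif):
    """Map each DN to the label of its userPassword value."""
    report, dn = {}, None
    for line in re.sub(r"\n ", "", ldif).splitlines():  # undo LDIF line folding
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("userPassword:: "):  # base64-encoded value
            report[dn] = classify(base64.b64decode(line[15:]).decode("utf-8", "replace"))
        elif line.startswith("userPassword: "):
            report[dn] = classify(line[14:])
    return report

if __name__ == "__main__":
    print("\n".join(f"{v:45} {k}" for k, v in audit(SAMPLE_LDIF).items()))
```

Run against a real export, entries still labelled `SSHA` are the ones to rehash at next password change, and a `salt_len` below 16 marks `{CRYPT}` values created before the salt format was set.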