--On Wednesday, January 8, 2020 10:27 AM +0100 Simone Piccardi
<piccardi(a)truelite.it> wrote:
Il 08/01/20 03:05, Quanah Gibson-Mount ha scritto:
>
> In any case, I've been advocating for several years now to get rid of
> SSHA as the default hashing mechanism and replace it with something that
> may actually have some security value.
But in the current version it better to use the contrib module, or
delegate the hashing to the C library? I'm currently using on new install:
password-hash {CRYPT}
password-crypt-salt-format "$6$%.16s"
but I'm using only Linux, I don't know if this is applicable on other OS.
The use of CRYPT may be non-portable. In addition to the SSHA2 password
module, there's a module on github that allows the use of bcrypt:
<
https://github.com/wclarie/openldap-bcrypt/>
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<
http://www.symas.com>