Judith Flo Gaya wrote: ...
At least i could see that the password exop option in the pam_ldap.conf lets the server to apply the security to the password, so I think I can change it within the slapd.conf file.
Yes, and if you don't specify "password-hash" in slapd.conf, ssha is used. It is the default.
do you suggest to use salt?
ssha use salt.
Thanks a lot for your help, j
BTW have you read rfc-3062 ? http://www.faqs.org/rfcs/rfc3062.html
If you configure your clients to use "password exop" you should be sure that the clients use any kind of network protection, TLS or SSL.
TinyCA is a perl based GTK-GUI which may help you to generate certs and keys.
Until you are ready to use TLS/SSL I sugggest that you let the client encrypt the passwords local.