Hallvard B Furuseth wrote:
Though why use SHA instead of the default SSHA (salted SHA)? Even CRYPT passwords have a salt.
Googleapps v2 (not my choice) supports SHA-1 with regard to passwords. I am trying to make LDAP synchronisation work, including synchronising passwords. The only other option appears to be plaintext.
And there ought to be a password expiry policy in place so users will need to change old passwords anyway. If LDAP is your authoritative store for passwords, see man slapo-ppolicy.
I know about the password policy. It's a bit problematic to implement into the existing system. The main issue I remember is that I wanted to implement the policy for select groups, ou=People for example, but NOT ou=FTPusers or ou=Virtual since those accounts can't readily change the password. I couldn't find a way to do that.
Regards, Jeroen
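
The difference between the {SHA} and {SSHA} schemes discussed in this thread, as an added example that is not part of the original messages: it builds both userPassword value formats as OpenLDAP stores them and shows that unsalted {SHA} gives every user with the same password the same stored value. The function names and the sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SHA1_LEN = 20  # SHA-1 digest size in bytes


def ldap_sha(password: bytes) -> str:
    """Unsalted scheme: {SHA} + base64(SHA1(password))."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password).digest()).decode()


def ldap_ssha(password: bytes, salt: Optional[bytes] = None) -> str:
    """Salted scheme: {SSHA} + base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # fresh random salt per stored password
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def verify(password: bytes, stored: str) -> bool:
    """Check a cleartext password against a {SHA} or {SSHA} value."""
    scheme, _, b64 = stored.partition("}")
    scheme = scheme.upper() + "}"
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:  # malformed base64
        return False
    if scheme == "{SHA}" and len(raw) == SHA1_LEN:
        return hmac.compare_digest(raw, hashlib.sha1(password).digest())
    if scheme == "{SSHA}" and len(raw) > SHA1_LEN:
        digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]  # salt follows the digest
        return hmac.compare_digest(digest, hashlib.sha1(password + salt).digest())
    return False


if __name__ == "__main__":
    pw = b"password"  # constructed sample value
    # Two accounts with the same password: identical under {SHA} ...
    print(ldap_sha(pw), ldap_sha(pw))
    # ... but different under {SSHA}, so one precomputed table cannot cover both.
    print(ldap_ssha(pw), ldap_ssha(pw))
    print(verify(pw, ldap_ssha(pw)), verify(b"wrong", ldap_ssha(pw)))
```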