"A. Schulze" sca@andreasschulze.de wrote on 26.11.2021 at 23:34 in
message a8e1310c-2367-34f3-18ff-7be28bb5369f@andreasschulze.de:
Hello,
Using slapo-ppolicy I could configure slapd to hash a password if it's sent unhashed.
moduleload ppolicy.la
moduleload argon2.la
password-hash {ARGON2}

database mdb
suffix dc=test
...
overlay ppolicy
ppolicy_default "cn=default,ou=ppolicies,dc=test"
ppolicy_hash_cleartext
That works and I could hash them using ARGON2.
But clients could still hash a password themselves and write '{MD5}...' as userPassword, for example. Is it possible to reject any userPasswords prefixed with a hash schema?
But isn't the real question whether clients using MD5 can handle ARGON2?
Andreas
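
An audit of an LDIF export shows whether pre-hashed values in other schemes, such as the '{MD5}...' case raised above, are actually reaching the directory. This is an added example, not part of the original thread or of OpenLDAP; the ALLOWED set, the function names and the sample LDIF are constructed assumptions.

```python
import base64
import re

ALLOWED = {"ARGON2"}  # assumption: only the password-hash scheme is acceptable
SCHEME = re.compile(r"^\{([A-Za-z0-9_-]+)\}")

def entries(ldif):
    """Yield (dn, [userPassword values]) per entry, unfolding continuation lines."""
    unfolded = re.sub(r"\r?\n ", "", ldif)
    for block in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        dn, pws = None, []
        for line in block.splitlines():
            name, sep, rest = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if rest.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            if name.lower() == "dn":
                dn = value
            elif name.lower() == "userpassword":
                pws.append(value)
        if dn:
            yield dn, pws

def audit(ldif):
    """Return sorted (dn, finding) pairs for values outside the allowed schemes."""
    findings = []
    for dn, pws in entries(ldif):
        for pw in pws:
            m = SCHEME.match(pw)
            scheme = m.group(1).upper() if m else None
            if scheme not in ALLOWED:
                findings.append((dn, "{%s}" % scheme if m else "cleartext"))
    return sorted(findings)

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample export; the hash values are placeholders, not real digests.
_argon = _b64("{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$c2FsdA$aGFzaA")
SAMPLE = (
    "dn: uid=alice,dc=test\nuserPassword:: " + _argon[:20] + "\n " + _argon[20:] + "\n\n"
    "dn: uid=bob,dc=test\nuserPassword:: " + _b64("{MD5}constructed-digest") + "\n\n"
    "dn: uid=carol,dc=test\nuserPassword: plaintext-sample\n"
)
```

Calling audit() on the text of an LDIF export returns the entries whose userPassword is cleartext or carries a scheme prefix other than {ARGON2}.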