Quanah Gibson-Mount quanah@symas.com schrieb am 14.01.2020 um 17:01 in
Nachricht <AF994E73E7CA71E6735A3267@[192.168.1.144]>:
‑‑On Tuesday, January 14, 2020 9:08 AM +0100 Ulrich Windl <Ulrich.Windl@rz.uni‑regensburg.de> wrote:
The OS is completely and utterly irrelvant to the discussion. It has no knowledge of the internal hashing mechanism used by OpenLDAP.
So you are assuming all systems are using the extended operation to authenticate? Acually I've see code that reads the LDAP user's password and then "combines" that with a password the user has entered. In the former case the password encoding matters. I'm not saying the pattern is good, but I've seen it.
Then the application is dependent on clear text passwords, not hashed passwords, and again is irrelevant to this discussion.
If it were cleartext, there would not be issues with the hash algorithm used IMHO. No, we were talking about SSHA and sucessors.
‑‑Quanah
‑‑
Quanah Gibson‑Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com