Ulrich Windl wrote on 05.09.2014 at 08:13 in message <5409549A.353 : 161 : 60728>:
bitsofinfo bitsofinfo.g@gmail.com wrote on 04.09.2014 at 20:20 in message
Hi - openldap version = 2.4.39
With: moduleload pw-sha2.la
I have an application that generates SHA256 b64 encoded hashes w/ a 4byte (16bit) salt and stores them in userPassword, and binds work fine.
When I add this to slapd.conf:
password-crypt-salt-format $5$rounds=1000$%.16s
Isn't that passed to crypt(3) of glibc? If so, the format seems to be $id$salt$encrypted. And the length of the salt seems to be fixed (86 characters!)
Sorry: The salt is up to 16 characters; the _overall size_ is 86 characters.
Regards, Ulrich
And change my application to add 1000 iterations when it writes to userPassword, then binds fail.
pw in userPassword is generated in this format: {SSHA256}b64Encoded(sha256Digest1000Iterations(pw+salt)+salt)
Is "password-crypt-salt-format" the correct place to specify we want to use iterations on our hashes? Is this configurable?