27 Nov
2021
27 Nov
'21
12:31 p.m.
Am 27.11.21 um 00:50 schrieb Michael Ströder:
On 11/26/21 23:34, A. Schulze wrote:
using slapo-ppolicy I could configure slapd to hash a password if it's sent unhashed. > [..] overlay ppolicy ppolicy_default "cn=default,ou=ppolicies,dc=test" ppolicy_hash_cleartext [..] That work and I could hash them using ARGON2. [..] Is it possible to reject any userPasswords prefixed with hash schema?
See slapo-ppolicy(5) for attribute 'pwdCheckQuality'.
I set pwdCheckQuality=2 and the system behave in the desired manner. Thanks for the hint!
Andreas