Hi - OpenLDAP version = 2.4.39
With: moduleload pw-sha2.la
I have an application that generates SHA256 b64-encoded hashes w/ a 4-byte (16-bit) salt and stores them in userPassword, and binds work fine.
When I add this to slapd.conf:
password-crypt-salt-format $5$rounds=1000$%.16s
And change my application to add 1000 iterations when it writes to userPassword, then binds fail.
pw in userPassword is generated in this format: {SSHA256}b64Encoded(sha256Digest1000Iterations(pw+salt)+salt)
Is "password-crypt-salt-format" the correct place to specify we want to use iterations on our hashes? Is this configurable?
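
Added example, not part of the original post: the {SSHA256} layout described above (base64 of digest followed by salt), built and checked in Python. It assumes the checker hashes password+salt once, and that the application's extra iterations re-hash the previous digest; the function names, password and salt are constructed for illustration. The stored value carries no iteration count, so a one-pass check cannot match a 1000-iteration value.

```python
import base64
import hashlib
import hmac

SCHEME = "{SSHA256}"
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


def _digest(password: bytes, salt: bytes, iterations: int) -> bytes:
    # First round hashes password+salt, as in the post's format line.
    d = hashlib.sha256(password + salt).digest()
    # ASSUMPTION: extra iterations re-hash the previous digest; the post
    # does not say how its application iterates.
    for _ in range(iterations - 1):
        d = hashlib.sha256(d).digest()
    return d


def encode_ssha256(password: bytes, salt: bytes, iterations: int = 1) -> str:
    """Build {SSHA256}b64(digest + salt)."""
    blob = _digest(password, salt, iterations) + salt
    return SCHEME + base64.b64encode(blob).decode("ascii")


def split_ssha256(value: str):
    """Return (digest, salt) from a stored value, or raise ValueError."""
    if not value.startswith(SCHEME):
        raise ValueError("not an {SSHA256} value")
    raw = base64.b64decode(value[len(SCHEME):], validate=True)
    if len(raw) <= DIGEST_LEN:
        raise ValueError("no salt after the digest")
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def check_ssha256(value: str, password: bytes, iterations: int = 1) -> bool:
    """Recompute with the salt carried in the value and compare."""
    stored, salt = split_ssha256(value)
    return hmac.compare_digest(stored, _digest(password, salt, iterations))


if __name__ == "__main__":
    salt = bytes.fromhex("a1b2c3d4")  # constructed 4-byte salt
    pw = b"correct horse"             # constructed password
    one = encode_ssha256(pw, salt)
    many = encode_ssha256(pw, salt, iterations=1000)
    # One-pass check: matches the plain value, not the iterated one.
    print(check_ssha256(one, pw), check_ssha256(many, pw))
```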