Ben,

I would like to use GSSAPI for my replication. Would you be willing to share how you went about it?

Thanks,
Brendan

On Fri, Mar 8, 2024, 1:05 PM Ben Poliakoff <benp@reed.edu> wrote:
You definitely won't be able to use a password hash as a credential for syncrepl. A hash is a one way function so you can't readily drive the password from it (except via exhaustive brute force). 

To avoid storing a clear text password in your config, you'll need to use another mechanism such as GSSAPI. That's what I use in my installations. x509 certificates/keys might be another option. 

All of the options are more complicated that using a plain text password, but they're also bit more secure.

Ben

On Fri, Mar 8, 2024, 9:43 AM <mbalakri@opentext.com> wrote:
How to configure olcSyncrepl without a plaintext password? I tried using credentials="{SSHA256}jRlrKRCcrhYo7SqbPDc5WkoSxaHc8y/e0DPWaAnveUkQpQ7wEOWhsw==" format. Does olcSyncrepl accepts password in {SSHA256} format?