--On Friday, March 10, 2023 9:00 AM +0100 Stefan Kania stefan@kania-online.de wrote:
Am 09.03.23 um 20:49 schrieb Quanah Gibson-Mount:
--On Thursday, March 9, 2023 7:51 PM +0100 Stefan Kania stefan@kania-online.de wrote:
Another strange thing about passwords on the same machine. As I told you before, we switch to ssha as paswordhash.
SSHA is rather insecure. The Symas OpenLDAP builds ship with ARGON2 support which is advised to use. I've no idea how you are "changing the password via LDIF". Generally one should be using an LDAP v3 password modify operation for user accounts so that the server generates it automatically if it's been properly configured.
I know, starting with OpenLDAP2.5 I (normaly) only use argon2, but as I have written before argon2 let the OpenLDAP crash as soon as I try to authenticate with an argon2 password. I can only switch to argon2 as soon as I know why and how to handel the problem
Ok. I still don't know what 'changing the password via LDIF' means though.
:)
--Quanah