30 Apr
2013
30 Apr
'13
6:21 a.m.
Quanah Gibson-Mount wrote:
--On Monday, April 29, 2013 3:28 PM -0700 Chris Hiestand chiestand@salk.edu wrote:
Since SSHA-1 is weak these days I'd like to switch to PBKDF2, Bcrypt or the like with key stretching. Since Openldap does not support relatively strong hashes, do you guys use SASL to store stronger hashes? If so, what kind of backend are you using to store hashes?
I would suggest you look at the contrib password module, which supports a number of schemes.
To be more precise: One could use the sources in contrib/slapd-modules/passwd/ as a template for implementing PBKDF2, Bcrypt, etc. schemes. There are no such implementations yet.
Ciao, Michael.