Re: Modern Password Hashes in Openldap?
Quanah Gibson-Mount wrote:
--On Monday, April 29, 2013 3:28 PM -0700 Chris Hiestand
<chiestand(a)salk.edu>
wrote:
> Since SSHA-1 is weak these days I'd like to switch to PBKDF2, Bcrypt or
> the like with key stretching. Since Openldap does not support relatively
> strong hashes, do you guys use SASL to store stronger hashes? If so, what
> kind of backend are you using to store hashes?
I would suggest you look at the contrib password module, which supports a
number of schemes.
To be more precise:
One could use the sources in contrib/slapd-modules/passwd/ as a template for
implementing PBKDF2, Bcrypt, etc. schemes. There are no such implementations yet.
Ciao, Michael.
Attachments:
- smime.p7s (application/pkcs7-signature — 3.8 KB)