On Thu, Mar 9, 2023 at 1:52 PM Stefan Kania stefan@kania-online.de wrote:
Another strange thing about passwords on the same machine. As I told you before, we switch to ssha as paswordhash. The server works. But now we start to create new passwords with "slappasswd", we are getting a {SSHA}<hash>. But when change the password via ldif. The password is never valid. We did it several times, and it's always the same. But when changing passwords via LDAP account manager, the password works, them when creating the SSHA-password with: https://projects.marsching.org/weave4j/util/genpassword.php
The OpenLDAP-Server runs on a vmWare vm with the following CPU
processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 45 model name : Intel(R) Xeon(R) CPU E5-2630 0 @ 2.30GHz stepping : 7 microcode : 0x713 cpu MHz : 2294.250 cache size : 15360 KB physical id : 0 siblings : 1 core id : 0 cpu cores : 1 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts nopl xtopology tsc_reliable nonstop_tsc cpuid pni pclmulqdq ssse3 cx16 pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx hypervisor lahf_lm pti ibrs ibpb stibp tsc_adjust arat arch_capabilities bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs itlb_multihit mmio_unknown retbleed bogomips : 4588.50 clflush size : 64 cache_alignment : 64 address sizes : 43 bits physical, 48 bits virtual power management:
Any idea? A log time ago I read something about problems with Entropy in vmWare but I can't remember what it was. Could this be my problem with argon2 and slappasswd?
This is interesting (in a morbid sort of way)...
Intel Ark says your CPU has AVX2 (https://ark.intel.com/content/www/us/en/ark/products/83356/intel-xeon-proces...), but the avx2 flag is missing in:
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts nopl xtopology tsc_reliable nonstop_tsc cpuid pni pclmulqdq ssse3 cx16 pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx hypervisor lahf_lm pti ibrs ibpb stibp tsc_adjust arat arch_capabilities
I'm guessing (and it is just a guess), you are getting into the AVX2 code paths at https://git.symas.net/symas-public/libargon2/-/blob/master/src/opt.c .
I would rebuild libargon, and set OPTTARGET=x86_64.
Jeff