Re: SHA-256 Password Support and OpenLDAP2-2.4.46 SLES15SP2
On 3/22/21 8:20 AM, Dario García Díaz-Miguel wrote:
> You should challenge this stupid policy. Not only because of
> password hashing, but also because release 2.4.46 is three years
> old. Newer OpenLDAP releases have many important fixes.>
Well we are not allowed to challenge any policy due to the sensitive
nature of the project.
I'm often involved in sensitive projects with really
strict regulations.
Be assured you can challenge such a stupid policy by just making clear
that the OS packages are not fully maintained anymore which pretty
likely violates some of the security regulations.
And if you have an audit team in place you just have to follow a
well-defined change management process. Well, most times you have to
define such a process yourself and explain it to the audit team. ;-)
Ciao, Michael.