>> Quanah Gibson-Mount <quanah(a)symas.com> schrieb am
13.01.2020 um 17:14 in
‑‑On Monday, January 13, 2020 12:07 PM +0100 Ulrich Windl
>>>> Giuseppe De Marco <giuseppe.demarco(a)unical.it> schrieb am
> in Nachricht
>> Probably it's time to consider the deprecation of SHA1
> The question is how much existing OSes would be impressed by that,
> meaning: If the OS can only handle SHA1, it does not help declaring it
The OS is completely and utterly irrelvant to the discussion. It has no
knowledge of the internal hashing mechanism used by OpenLDAP.
So you are assuming all systems are using the extended operation to
authenticate? Acually I've see code that reads the LDAP user's password and
then "combines" that with a password the user has entered.
In the former case the password encoding matters. I'm not saying the pattern
is good, but I've seen it.
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: