Re: PAM authentication and PPolicy issues

On Wed, Jun 20, 2012 at 01:44:05PM +0000, Francesco Belli wrote: The 2.3 release series is very old now. You should be using 2.4 and the 2.4 manuals: http://www.openldap.org/software/man.cgi SHA is much better than plaintext, but best practice is to use a salted hash - SSHA in this case. The use of salt frustrates attempts to build a dictionary to invert stolen password records. If LinkedIn had used salt in their password hashes they would now be in less trouble as a result of the recent disclosure... https://community.qualys.com/blogs/securitylabs/2012/06/08/lessons-learne... Andrew -- ----------------------------------------------------------------------- | From Andrew Findlay, Skills 1st Ltd | | Consultant in large-scale systems, networks, and directory services | | http://www.skills-1st.co.uk/ +44 1628 782565 | -----------------------------------------------------------------------