12:36 p.m.
All,
I found Quanah's response to a post
(http://www.openldap.org/lists/openldap-devel/201411/msg00012.html), which
brought up a question(s).
1) I have the olcModule pw-sha2.la loaded in "cn=module{0},cn=config"
2) Looking at Quanahs reply, in the link above, he states:
now, if you want to make something like say, SHA512 the default, then you
need to modify the frontend config db:
dn: olcDatabase={-1},cn=config
changetype: modify
replace: olcPasswordHash
olcPasswordHash: {SSHA512}
Now, if I add, something like the above, and the current olcRootPW attribute
shows {SSHA}, is that going to modify current password hashes or only going
forward?
I tried the above, on cn=config, but received the following error
"According to the schema attribute olcPasswordHash is not allowed"
Thanks in advance,
John D. Borresen (Dave)
Linux/Unix Systems Administrator
MIT Lincoln Laboratory
Email: <mailto:john.borresen@ll.mit.edu> john.borresen(a)ll.mit.edu
12:58 p.m.
Borresen, John - 0444 - MITLL wrote:
replace: olcPasswordHash
olcPasswordHash: {SSHA512}
Now, if I add, something like the above, and the current olcRootPW attribute
shows {SSHA}, is that going to modify current password hashes or only going
forward?
It affects only new passwords generated.
Old password hashes of various schemes still work.
Ciao, Michael.
5:29 a.m.
Thanks Michael for the quick reply.
But, the error that I am getting when trying to add the following:
dn: olcDatabase={-1},cn=config
changetype: modify
replace: olcPasswordHash
olcPasswordHash: {SSHA512}
According to the schema attribute olcPasswordHash is not allowed
Is stumping me. Not sure schema, if any, to add.
Thanks in advance.
John D. Borresen (Dave)
Ph: (781) 981-1609
Email: john.borresen(a)ll.mit.edu
-----Original Message-----
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On
Behalf Of Michael Ströder
Sent: Tuesday, February 23, 2016 3:59 PM
To: Borresen, John - 0444 - MITLL; openldap-technical(a)openldap.org
Subject: Re: PasswordHash
Borresen, John - 0444 - MITLL wrote:
replace: olcPasswordHash
olcPasswordHash: {SSHA512}
Now, if I add, something like the above, and the current olcRootPW
attribute
shows {SSHA}, is that going to modify current password hashes or only
going
forward?
It affects only new passwords generated.
Old password hashes of various schemes still work.
Ciao, Michael.
10:04 a.m.
Borresen, John - 0444 - MITLL wrote:
Thanks Michael for the quick reply.
But, the error that I am getting when trying to add the following:
dn: olcDatabase={-1},cn=config
^^^^^^^^^^^^^^^^^
changetype: modify
replace: olcPasswordHash
olcPasswordHash: {SSHA512}
According to the schema attribute olcPasswordHash is not allowed
I'd try "dn: olcDatabase={-1}frontend,cn=config" instead.
Ciao, Michael.
10:24 a.m.
Thanks Michael...
I just found a post from Quanah from 2008 stating that...and it worked.
Thanks for your help!
John D. Borresen (Dave)
Email: john.borresen(a)ll.mit.edu
-----Original Message-----
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On
Behalf Of Michael Ströder
Sent: Wednesday, February 24, 2016 1:04 PM
To: Borresen, John - 0444 - MITLL; openldap-technical(a)openldap.org
Subject: Re: PasswordHash
Borresen, John - 0444 - MITLL wrote:
Thanks Michael for the quick reply.
But, the error that I am getting when trying to add the following:
dn: olcDatabase={-1},cn=config
^^^^^^^^^^^^^^^^^
changetype: modify
replace: olcPasswordHash
olcPasswordHash: {SSHA512}
According to the schema attribute olcPasswordHash is not allowed
I'd try "dn: olcDatabase={-1}frontend,cn=config" instead.
Ciao, Michael.
2775
days inactive
2776
days old
openldap-technical@openldap.org
4 comments
2 participants
participants (2)
-
Borresen, John - 0444 - MITLL -
Michael Ströder