[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Modern Password Hashes in Openldap?

To: Michael Ströder <michael@stroeder.com>
Subject: Re: Modern Password Hashes in Openldap?
From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
Date: Wed, 1 May 2013 14:55:13 +0100
Cc: Chris Hiestand <chiestand@salk.edu>, openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <517F62EA.2010603@stroeder.com>
References: <235D6052-E1CD-41E3-92EF-191350F16439@salk.edu> <516730EB8E9CC57C9DDD0F91@[192.168.1.26]> <517F62EA.2010603@stroeder.com>
User-agent: Mutt/1.5.21 (2010-09-15)

On Tue, Apr 30, 2013 at 08:21:30AM +0200, Michael Ströder wrote:

> > --On Monday, April 29, 2013 3:28 PM -0700 Chris Hiestand <chiestand@salk.edu>
> > wrote:
> > 
> >> Since SSHA-1 is weak these days I'd like to switch to PBKDF2, Bcrypt or
> >> the like with key stretching. Since Openldap does not support relatively
> >> strong hashes, do you guys use SASL to store stronger hashes? If so, what
> >> kind of backend are you using to store hashes?

> To be more precise:
> One could use the sources in contrib/slapd-modules/passwd/ as a template for
> implementing PBKDF2, Bcrypt, etc. schemes. There are no such implementations yet.

Much easier: use one of the hash schemes supported by the underlying
platform's own crypt library. Most Linux, FreeBSD, OpenBSD, Solaris etc
will allow you to use a range of hash functions by specifying the salt
format string. The more recent hash formats allow you to choose the
number of iterations so that you can tune the algorithm to provide the
desired degree of protection against brute-force attacks.

See man crypt(3) on your platform for details of what is supported.

To enable this in slapd.conf add these lines to the global section:

password-hash {CRYPT}
password-crypt-salt-format "$6$%.12s"

The salt format here is '$6$' which invokes a SHA512-based hash method
and provides 12 characters (72 bits) of salt. It uses the default 5000
iterations. The table on Hashcat's home page suggests that this is around
50,000 times stronger than the simple SSHA1 hash.

For a slightly stronger hash you might choose bcrypt - introduced by
'$2a$' or '$2y$'. Before doing so you should read the description in
crypt(3) about bugs in early versions relating to 8-bit hashes.

To make sure that passwords presented as plaintext data in the
userPassword attribute get hashed, you should add the Password Policy
overlay:

overlay ppolicy
ppolicy_default "cn=Password Policy,dc=dir,dc=example,dc=org"
ppolicy_hash_cleartext

... and create a default policy entry something like this:

# Applies to userPassword (2.5.4.35)
dn: cn=Password Policy,dc=dir,dc=example,dc=org
objectClass: organizationalRole
objectClass: pwdPolicy
cn: Password Policy
description: The default password policy
pwdAttribute: 2.5.4.35
pwdLockout: TRUE

BE AWARE that this still only controls passwords set via the LDAP
protocol. If you use slapadd to load your data then the database will get
exactly what is in the ldif file.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------

Follow-Ups:
- Re: Modern Password Hashes in Openldap?
  - From: Chris Hiestand <chiestand@salk.edu>

Prev by Date: Re: The problem of BINDDN/BINDPW in ldap.conf (2nd time)
Next by Date: Need help to configure OpenLDAP!!
Index(es):
- Chronological
- Thread