
Re: (ITS#4837)



Kurt,

Zimbra has run into this issue in helping a customer who was running SunDS 
migrate to OpenLDAP.  It does not work at all, unfortunately.  Changing 
code to use an 8-bit salt does work.

So, I'd be happy to fix this, but a general design question --

(a) Should this be implemented as a "ssha-salt" option in slapd.conf

or

(b) Should OpenLDAP try decrypting the password first as a 4-bit salt, and 
then try an 8-bit salt, then fail?

(a) would be fairly portable across many salt settings, but AFAIK we've 
only hit 4 & 8

(b) would allow mixed salt values to be in userPassword, and I'd think that 
over time as people changed their passwords, it would allow the 8-bit salts 
to go away.


Thoughts welcome. :)

--Quanah

--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration
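
Option (b) from the message above, as an added sketch in Python (not OpenLDAP code and not code from this thread): a {SSHA} value is base64(SHA-1(password + salt) + salt), so a verifier can treat everything after the 20-byte digest as the salt and accept mixed salt lengths in userPassword without a configuration option. The function names and the 4- and 8-byte sample salts are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = hashlib.sha1().digest_size  # 20 bytes


def make_ssha(password, salt_len=4, salt=None):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(salt_len) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(stored):
    """Return (digest, salt) from a {SSHA} value, or None if malformed."""
    scheme, sep, b64 = stored.partition("}")
    if not sep or scheme.upper() != "{SSHA":
        return None
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) <= SHA1_LEN:
        # Choice made in this example: a value with no salt bytes is rejected.
        return None
    # The digest length is fixed, so the salt is simply the remainder.
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def salt_length(stored):
    """Salt length in bytes, or None if the value is not valid {SSHA}."""
    parts = split_ssha(stored)
    return None if parts is None else len(parts[1])


def check_ssha(stored, candidate):
    """Verify a candidate password against a {SSHA} value of any salt length."""
    parts = split_ssha(stored)
    if parts is None:
        return False
    digest, salt = parts
    expected = hashlib.sha1(candidate + salt).digest()
    return hmac.compare_digest(digest, expected)  # constant-time compare
```
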