Re: OpenSSL Password hash method.
At 04:23 PM 6/9/00 +0000, Pierrick Hascoet wrote:
>I'm new on this list, and would like to contribute to the OpenLDAP
>I've read the liblutil source code and think that the passwd hash
>method should be implemented with the OpenSSL library, which provides a good
>API and lots of supported crypto schemes to do that.
The current code natively supports SHA1 (seeded or not), MD5
(seeded or not), and crypt(3) hashed passwords [as well as
a number of external password stores]. The code could be
extended to support additional hash algorithms and implementations
could be dependent on OpenSSL. However, I'd rather not make
the basic hash mechanisms depend on OpenSSL, as this would limit
OpenLDAP to OpenSSL-supported platforms.
>The dark side of this thing is that some parts of OpenLDAP will be linked
Exactly. We should (and do) use OpenSSL where appropriate, but
OpenLDAP should be able to operate (securely) without OpenSSL.
>But the library would be used next for the SSL and TLS
Already implemented. And I suspect we'll be able to use
alternative TLS implementations as well. OpenSSL is good,
but it's not right for everyone.