Yes, but there should be something stronger. How about moving ./contrib/slapd-modules/passwd/pbkdf2 to core?Yeah at this point we can probably bypass SHA2 and just go straight to SHA3. There's a lot of crypto software out there already using it. pbkdf2 is still using SHA2.
Worthwhile to read over: <https://paragonie.com/blog/2016/02/how-safely-store-password-in-2016>
libsodium's a pretty trivial compile, I added it to Zimbra a while back for another project.
--Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>