[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: password hashes



Howard Chu wrote:
Brandon McCombs wrote:
I'm gathering from reading various sites that openldap doesn't allow a person to specify multiple hash algorithms in the slapd.conf file. Is this correct?

Gathering info from various sites around the web is a bad idea, when the info is plainly available in the OpenLDAP documentation, in this case the slapd.conf(5) manpage:


password-hash <hash> [<hash>...]
This option configures one or more hashes to be used in generation of user passwords stored in the userPassword attribute during processing of LDAP Password Modify Extended Operations (RFC 3062).


As usual - it's great that people want to help out and write up their experiences using the software. It would be better if they actually brought their writeups back into the Project (e.g., submissions to ITS) so that they could be checked for accuracy, and eventually merged into the Project's own doc offerings and regularly maintained. The vast majority of 3rd party docs on the web is either outdated and no longer correct, or was never correct in the first place. Until people realize that going off on their own to write something is self-defeating (that goes for both code and documentation) they're only going to do more harm than good. The community works because we all learn from each other and all of our work improves as a result. Working outside of the community will only generate dead ends.
The info I found never explicitly stated either way whether multiple hashes could be listed but since the info I found would only list one hash in the examples I had to assume that multiple hashes weren't allowed since the text wouldn't claim otherwise. I didn't have access to the manpage on my local setup so thanks for the information Howard.