[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: {CRYPT} password to {SHA}

Hallvard B Furuseth wrote:
Though why use SHA instead of the default SSHA (salted SHA)?
Even CRYPT passwords have a salt.

Googleapps v2 (not my choice) supports SHA-1 with regards to passwords. I am trying to make LDAP synchronisation works including synchronising passwords. The only other option appears to be plaintext.

And there ought to be a password expiry policy in place so users
will need to change old passwords anyway.  If LDAP is your
authorative store for passwords, see man slapo-ppolicy.

I know about the password policy. It's a bit problematic to implement into the existing system. The main issue I remember is that I wanted to implement the policy for select groups, ou=People for example, but NOT ou=FTPusers or ou=Virtual since those accounts can't readily change the password. I couldn't find a way to do that.