
Re: SHA-2 support

Quanah Gibson-Mount wrote:
> --On Wednesday, January 16, 2013 7:39 AM +0100 Michael Ströder
> <michael@stroeder.com> wrote:
>> Quanah Gibson-Mount wrote:
>>> --On Tuesday, January 15, 2013 2:35 PM -0800 Ori Bani
>>> <oribani@gmail.com> wrote:
>>>> Why hasn't the sha2 module been migrated out of the
>>>> contrib directory
>>> The "core" of OpenLDAP tries to be as RFC compliant as possible.  There
>>> is no RFC that I'm aware of that adds SHA2 support.
>> Sorry, this is an artificial argument which is simply not valid!
>> Can you tell me which RFC specifies how to handle LANMAN hashes
>> (--enable-lmpasswd)? There are plenty of similar examples...
> OpenLDAP, like many software projects that have existed for numerous years,
> has grown in its development practices.  Just because something was done
> incorrectly in the past is not a reason to continue doing so.

I expected this answer but not that SHA-2 userPassword hashes are mainstream
in other LDAP server and client implementations for quite a while now.

> Feel free to port lanman hashes to a contrib module.

That's not my goal and you know that.

Ciao, Michael.
