
Re: PBKDF2 for OpenLDAP



Thanks for working on that!

I'd really appreciate seeing this in the contrib/ directory.

You probably should open an ITS following the hints here:

http://www.openldap.org/devel/contributing.html

Ciao, Michael.

Tsukasa HAMANO wrote:
> Hi, 
> 
> I was concerned that OpenLDAP has no modern key derivation function.
> (It seems eglibc's crypt(3) has bcrypt, but it depends on the environment.)
> So I just implemented a PBKDF2 module for OpenLDAP.
> 
> https://github.com/hamano/openldap-pbkdf2
> 
> # Installation
> 
> $ cd <OPENLDAP_BUILD_DIR>/contrib/slapd-modules/passwd/
> $ git clone https://github.com/hamano/openldap-pbkdf2.git
> $ cd openldap-pbkdf2/
> $ make
> # make install
> 
> in slapd.conf:
> moduleload pw-pbkdf2.so
> password-hash {PBKDF2}
> 
> # Usage
> 
> $ slappasswd -o module-load=pw-pbkdf2.la -h {PBKDF2} -s secret
> {PBKDF2}60000$Y6ZHtTTbeUgpIbIW0QDmDA$j/aU7jFKUSbH4UobNQDm9OEIwuw
> 
> This format is compatible with Python's passlib.hash.ldap_pbkdf2_sha1
> http://pythonhosted.org/passlib/lib/passlib.hash.ldap_pbkdf2_digest.html
> 
> And also, I have a roadmap to implement {PBKDF2-SHA256} and
> {PBKDF2-SHA512} schemes in the future.
> 
> Could you merge the module into the contrib/ directory?
> 
> Thank you.

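The `{PBKDF2}` value layout from the quoted Usage output, as an added example (not part of the thread and not the module's own code): a standard-library Python parser and verifier. It assumes the passlib `ldap_pbkdf2_sha1` layout the post cites, that is PBKDF2-HMAC-SHA1 with passlib's adapted base64 (`.` in place of `+`, no `=` padding); all function names are illustrative.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{PBKDF2}"  # assumed: PBKDF2-HMAC-SHA1, as in passlib's ldap_pbkdf2_sha1

def ab64_encode(raw: bytes) -> str:
    # Adapted base64: '+' becomes '.', trailing '=' padding is dropped.
    return base64.b64encode(raw).decode("ascii").rstrip("=").replace("+", ".")

def ab64_decode(text: str) -> bytes:
    padded = text.replace(".", "+") + "=" * (-len(text) % 4)
    return base64.b64decode(padded, validate=True)  # rejects stray characters

def parse(stored: str):
    """Split '{PBKDF2}<iterations>$<salt>$<digest>' into (int, bytes, bytes)."""
    if not stored.startswith(SCHEME):
        raise ValueError("not a {PBKDF2} value")
    fields = stored[len(SCHEME):].split("$")
    if len(fields) != 3 or not fields[0].isdigit() or int(fields[0]) < 1:
        raise ValueError("malformed {PBKDF2} value")
    return int(fields[0]), ab64_decode(fields[1]), ab64_decode(fields[2])

def make_hash(password: str, iterations: int = 60000, salt: bytes = None) -> str:
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}{iterations}${ab64_encode(salt)}${ab64_encode(dk)}"

def verify(password: str, stored: str) -> bool:
    try:
        iterations, salt, expected = parse(stored)
    except ValueError:  # includes binascii.Error from bad base64
        return False
    dk = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)  # constant-time comparison

if __name__ == "__main__":
    # Field sizes of the value quoted in the post: 16-byte salt, 20-byte digest.
    page_value = "{PBKDF2}60000$Y6ZHtTTbeUgpIbIW0QDmDA$j/aU7jFKUSbH4UobNQDm9OEIwuw"
    rounds, salt, digest = parse(page_value)
    print(rounds, len(salt), len(digest))
    # Constructed sample: hash a made-up password, then check it both ways.
    sample = make_hash("constructed-password")
    print(sample, verify("constructed-password", sample), verify("other", sample))
```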