[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Passwords, Hashing, and Binds

--On Thursday, August 28, 2014 5:26 PM -0400 Bram Cymet <bcymet@cbnco.com> wrote:


I am storing users passwords in a userPassword attribute. When the
passwords are hashed with MD5 I can bind as the user just fine. If I
hash the password with sha-256 I get invalid credentials.

Is there something I have to change in my client?
Is there something I have to change on the server?

Is binding a user with a password stored with sha-256 (or at least
something better then md5) even possible?

Yes, if you correctly use the passwd contrib module allowing non-RFC hashes.



Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
Zimbra ::  the leader in open source messaging and collaboration