[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Passwords, Hashing, and Binds

To: Bram Cymet <bcymet@cbnco.com>, "openldap-technical@OpenLDAP.org" <openldap-technical@openldap.org>
Subject: Re: Passwords, Hashing, and Binds
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Thu, 28 Aug 2014 16:56:37 -0700
Content-disposition: inline
Dkim-filter: OpenDKIM Filter v2.9.2 edge01.zimbra.com BFF5A44225
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zimbra.com; s=C2AA288C-EE47-11E2-9BB0-E820BDD9BDBF; t=1409270212; bh=HGS8Y5V2Sv76odt7uMK8CtxXk1f57OVLM0wr5XNccbc=; h=Date:From:To:Subject:Message-ID:MIME-Version:Content-Type: Content-Transfer-Encoding; b=H7W9JJ87/GC9851z1pb7WzugR0FIYU9UGmIvdHDjzzJYItvWaB7eRIl3sgGV4QvaV hxba4uliu8d10Jj+FoqQY2pc2+0uN5Z6fo3L7ZEVtwz46iVVVPQXF0EyFgdXaVl3AD 3W473niXuvuk3piBq0i44ilzwfnTR6TcgQ41iscE=
In-reply-to: <53FF9080.1050209@cbnco.com>
References: <53FF9080.1050209@cbnco.com>

--On Thursday, August 28, 2014 5:26 PM -0400 Bram Cymet <bcymet@cbnco.com>wrote:

Hi,

I am storing users passwords in a userPassword attribute. When the
passwords are hashed with MD5 I can bind as the user just fine. If I
hash the password with sha-256 I get invalid credentials.

Is there something I have to change in my client?
Is there something I have to change on the server?

Is binding a user with a password stored with sha-256 (or at least
something better then md5) even possible?


Yes, if you correctly use the passwd contrib module allowing non-RFC hashes.

--Quanah


--

Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

References:
- Passwords, Hashing, and Binds
  - From: Bram Cymet <bcymet@cbnco.com>

Prev by Date: Passwords, Hashing, and Binds
Next by Date: Antw: Re: keepalive parameter setting in openldap for consumer doesnot work
Index(es):
- Chronological
- Thread