RE: Openldap password problems
This is what I use. I'm not sure this is the highest possible security but it did fix the "ignore anything over 8 characters" issue.
password-hash {CRYPT}
password-crypt-salt-format "$6$%.12s"
-----Original Message-----
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Michael Ströder
Sent: Friday, May 15, 2015 5:08 AM
To: Quanah Gibson-Mount; openldap-technical@openldap.org
Subject: Re: Openldap password problems
Quanah Gibson-Mount wrote:
> Setting the default to {CRYPT} is a security nightmare,
Such a general statement is nonsense without taking a closer look at which
crypt scheme is really used.
Consult your local crypt(3) man page to see whether crypt schemes like "$6$"
or "$2b$" are supported on your system which are definitely stronger than
simple {SSHA}. Then use password-crypt-salt-format to make use of such a crypt
scheme.
Ciao, Michael.
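
An added example, not part of either message above: a small Python audit that classifies {CRYPT} userPassword values from an LDIF export by crypt(3) scheme, so entries still stored with traditional DES crypt (the 8-character truncation mentioned in the reply) can be found after password-crypt-salt-format is changed. The function names, the sample entries and the ok flag are assumptions of this example, and the hash bodies are filler rather than real digests.

```python
import base64
import re
B64 = r"[./0-9A-Za-z]"
# (pattern, scheme name, ok) -- "ok" is this example's own policy: True only for
# the iterated schemes; traditional DES crypt hashes just the first 8 characters.
SCHEMES = [
    (rf"\$6\$(rounds=\d+\$)?{B64}{{1,16}}\${B64}{{86}}", "sha512-crypt", True),
    (rf"\$5\$(rounds=\d+\$)?{B64}{{1,16}}\${B64}{{43}}", "sha256-crypt", True),
    (rf"\$2[aby]\$\d\d\${B64}{{53}}", "bcrypt", True),
    (rf"\$1\${B64}{{1,8}}\${B64}{{22}}", "md5-crypt", False),
    (rf"{B64}{{13}}", "des-crypt", False),
]

def classify(value):
    """Return (scheme, ok) for one userPassword value; ok is None if not {CRYPT}."""
    m = re.fullmatch(r"\{([^}]+)\}(.*)", value)
    if not m:
        return ("no-scheme-prefix", False)
    if m.group(1).upper() != "CRYPT":
        return (m.group(1).upper(), None)   # e.g. {SSHA}: not a crypt(3) hash
    for pattern, name, ok in SCHEMES:
        if re.fullmatch(pattern, m.group(2)):
            return (name, ok)
    return ("unrecognised-crypt", False)

def audit_ldif(text):
    """Return [(dn, scheme, ok)] for every userPassword in LDIF text."""
    text = text.replace("\n ", "")          # unfold wrapped LDIF lines
    results, dn = [], None
    for line in text.splitlines():
        if line.lower().startswith("dn: "):
            dn = line[4:]
        elif line.lower().startswith("userpassword:: "):   # base64-encoded value
            results.append((dn, *classify(base64.b64decode(line[15:]).decode())))
        elif line.lower().startswith("userpassword: "):
            results.append((dn, *classify(line[14:])))
    return results

# Constructed sample data: the hash bodies are filler, not real digests.
SAMPLE = "\n".join([
    "dn: uid=alice,dc=example,dc=com",
    "userPassword: {CRYPT}$6$abcdefghijkl$" + "x" * 40,
    " " + "x" * 46,                                   # folded continuation line
    "dn: uid=bob,dc=example,dc=com",
    "userPassword:: " + base64.b64encode(b"{CRYPT}ab" + b"c" * 11).decode(),
    "dn: uid=carol,dc=example,dc=com",
    "userPassword: {SSHA}" + "A" * 38,
])
print(*audit_ldif(SAMPLE), sep="\n")
```

Changing the salt format only affects passwords set afterwards, so entries reported as des-crypt stay truncated until the user's password is next changed.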