--On Tuesday, January 7, 2020 11:25 PM +0100 Michael Ströder
<michael@stroeder.com> wrote:
> AFAICS RFC 3112 was never implemented in OpenLDAP. Thus I'd consider
> this to be rather irrelevant here.
Incorrect, it's clearly implemented in slapd. Whether it's enabled is a
different question, as it's IFDEF'd behind SLAPD_AUTHPASSWD. ;)
In any case, I've been advocating for several years now to get rid of SSHA
as the default hashing mechanism and replace it with something that may
actually have some security value.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>