
Re: {CRYPT} password to {SHA}



Hallvard B Furuseth wrote:
> Though why use SHA instead of the default SSHA (salted SHA)?
> Even CRYPT passwords have a salt.

Googleapps v2 (not my choice) supports SHA-1 with regard to passwords. I am trying to make LDAP synchronisation work, including synchronising passwords. The only other option appears to be plaintext.


> And there ought to be a password expiry policy in place so users
> will need to change old passwords anyway.  If LDAP is your
> authoritative store for passwords, see man slapo-ppolicy.

I know about the password policy. It's a bit problematic to implement into the existing system. The main issue I remember is that I wanted to implement the policy for select groups, ou=People for example, but NOT ou=FTPusers or ou=Virtual since those accounts can't readily change the password. I couldn't find a way to do that.


Regards,
Jeroen