Re: PBKDF2 for OpenLDAP

[Tsukasa HAMANO <hamano@osstech.co.jp>]

Hi,

Thanks for your advice. I've just opened ITS.
http://www.openldap.org/its/index.cgi?findid=7742

Thank you.

At Fri, 08 Nov 2013 09:04:12 +0100,
Michael StrÃder wrote:
> 
> Thanks for working on that!
> 
> I'd really appreciate to see this in contrib/ directory.
> 
> You probably should open an ITS following the hints here:
> 
> http://www.openldap.org/devel/contributing.html
> 
> Ciao, Michael.
> 
> Tsukasa HAMANO wrote:
> > Hi, 
> > 
> > I was concerned that OpenLDAP have no modern key derivation function.
> > (It seems eglibc's crypt(3) has bcrypt, but it's depends environment)
> > So I just implemented PBKDF2 module for OpenLDAP.
> > 
> > https://github.com/hamano/openldap-pbkdf2
> > 
> > # Installation
> > 
> > $ cd <OPENLDAP_BUILD_DIR>/contrib/slapd-modules/passwd/
> > $ git clone https://github.com/hamano/openldap-pbkdf2.git
> > $ cd openldap-pbkdf2/
> > $ make
> > # make install
> > 
> > in slapd.conf:
> > moduleload pw-pbkdf2.so
> > password-hash {PBKDF2}
> > 
> > # Usage
> > 
> > $ slappasswd -o module-load=pw-pbkdf2.la -h {PBKDF2} -s secret
> > {PBKDF2}60000$Y6ZHtTTbeUgpIbIW0QDmDA$j/aU7jFKUSbH4UobNQDm9OEIwuw
> > 
> > This format is compatible with Python's passlib.hash.ldap_pbkdf2_sha1
> > http://pythonhosted.org/passlib/lib/passlib.hash.ldap_pbkdf2_digest.html
> > 
> > And also, I have roadmap to implement {PBKDF2-SHA256} and
> > {PBKDF2-SHA512} schemes in the future.
> > 
> > Could you merge the module into contrib/ directory?
> > 
> > Thank you.
> 

-- 
Open Source Solution Technology Corporation
HAMANO Tsukasa <hamano@osstech.co.jp>
fingerprint = 2285 2111 6D34 3816 3C2E  A5B9 16BE D101 6069 BE55