build slapd-sha2 module for strong passwords
Bug #1347954 reported by
Adrian Bridgett
This bug report is a duplicate of:
Bug #1033096: request to have sha2 module in contrib included in package.
Edit
Remove
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| openldap (Debian) |
Confirmed
|
Unknown
|
|||
| openldap (Ubuntu) |
Triaged
|
Undecided
|
Unassigned | ||
Bug Description
out of the box, the strongest password encryption supported is SSHA (seeded SHA-1) which isn't really very good these days.
The best answer appears to be to compile up the contrib/slapd-sha2 module.
https:/
Revision history for this message
| Ryan Tandy (rtandy) wrote | #1 |
| Changed in openldap (Debian): | |
| status: | Unknown → Fix Committed |
Revision history for this message
| Adrian Bridgett (adrian-bridgett) wrote | #2 |
| Changed in openldap (Ubuntu): | |
| status: | New → Triaged |
| Changed in openldap (Debian): | |
| status: | Fix Committed → Confirmed |
To post a comment you must log in.
This is pending for the Debian package and will eventually get merged into Ubuntu. If you use cn=config, note that setting olcPasswordHash to a scheme provided by a module will prevent slapd from starting, since cn=module is processed later; this is unfixed upstream.
Until pw-sha2 lands, you may want to look into {CRYPT}.