Convert existing openLDAP password from SSHA to SHA-1
Lennart Sorensen
lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Fri Aug 19 19:32:24 UTC 2011
On Fri, Aug 19, 2011 at 03:15:18PM -0400, William Muriithi wrote:
> Agree too. It would be really bad to save them in clear text. We are
> not doing that and do not plan to take that route.
>
> So, essentially it's correct to assume the current passwords will stay
> in their current form.
They appear to be flagged with their current hash type, so it should
continue to work fine.
> Sorensen raised a good suggestion: change the default OpenLDAP hashing
> method so that passwords would be SHA-1 going forward. Would you know
> how one can go about doing that? I am assuming it's a line that will
> need to be introduced in slapd.conf but have not figured it out from the
> OpenLDAP documentation.
>
> Thanks again guys for the help.
The docs seem to indicate that the slapd.conf option password-hash does
it, but only for modify operations (like ldappasswd and such). It doesn't
mention what decides it for other things.
--
Len Sorensen
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
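
Added example, not part of the original message or of OpenLDAP's code: a
small verifier showing why userPassword values flagged {SSHA} keep working
next to newer {SHA} values, since the flag on each value selects how it is
checked. The sample uids, passwords and the 4-byte salt are constructed.

```python
from __future__ import annotations
import base64
import hashlib
import hmac
import os

DIGEST_LEN = 20  # SHA-1 output size in bytes

def make_sha(password: bytes) -> str:
    """{SHA}: base64(SHA1(password)), no salt."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password).digest()).decode()

def make_ssha(password: bytes, salt: bytes | None = None) -> str:
    """{SSHA}: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt  # salt length is a constructed choice
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def split_scheme(stored: str) -> tuple[str, bytes]:
    """Split '{SCHEME}base64' into (SCHEME, decoded bytes)."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("value carries no {SCHEME} flag")
    scheme, _, b64 = stored[1:].partition("}")
    return scheme.upper(), base64.b64decode(b64, validate=True)

def verify(stored: str, password: bytes) -> bool:
    """Check a password using whichever scheme the stored value is flagged with."""
    scheme, raw = split_scheme(stored)
    if scheme == "SHA" and len(raw) == DIGEST_LEN:
        digest, salt = raw, b""
    elif scheme == "SSHA" and len(raw) > DIGEST_LEN:
        # Everything after the 20-byte digest is the per-entry salt.
        digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    else:
        raise ValueError(f"unsupported or malformed {{{scheme}}} value")
    candidate = hashlib.sha1(password + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

def audit(entries: dict[str, str]) -> dict[str, str]:
    """Map each uid to the scheme its userPassword is flagged with."""
    return {uid: split_scheme(value)[0] for uid, value in entries.items()}

if __name__ == "__main__":
    # Constructed directory: one entry hashed before the default changed, one after.
    entries = {"alice": make_ssha(b"correct horse"), "bob": make_sha(b"battery staple")}
    print(audit(entries))
    print(verify(entries["alice"], b"correct horse"), verify(entries["bob"], b"battery staple"))
```

The audit() helper gives a quick inventory of which entries still carry the
old flag after the default scheme has been changed.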