During the bind process is there anyway to tell 389 directory server to hash a plaintext password n (multiple) times before trying to compare to what is stored?
I am trying to implement something similar to what's described in this article:
http://www.stormpath.com/blog/strong-password-hashing-apache-shiro
I am trying to implement something similar to what's described in this article:
http://www.stormpath.com/blog/strong-password-hashing-apache-shiro
Our plan was to to use SSHA256 to hash the passwords around 200,000 times before storing. This would at least slow down any cracking attempts should someone get access to our directory.
I've read through the documentation on the Red Hat Directory Server site, including the "Plug-in Guide". Under "5.8 Checking Passwords" it refers to calling function "slapi_pw_find_sv()" - looking at the doc for this function it does not look like hashing multiple times is supported.
Is there some means of doing this that is not obvious to me?
I can certainly do it by re-writing the security plugins for the various servers (Tomcat, PHP Wordpress, etc) such that they hash the plaintext password n minus 1 times before issuing the bind - but was hoping not to do that.
I'm relatively new to 389 directory server, but so far quite happy to have moved to it from another directory server.
Thank you - Richard
--
Richard Mixon
Custom Computer Creations, L.L.C.
mobile: (480) 577-6834 office: (480) 614-3442
email: rnmixon@xxxxxxxxxx <mailto:rnmixon@xxxxxxxxxx>
Microsoft Partner ID: 1263725
The messages and documents transmitted with this notice contain confidential information belonging to the sender. If you are not the intended recipient of this information, you are hereby notified that any disclosure, copying, distribution or use of the information is strictly prohibited. If you have received this transmission in error, please notify the sender immediately.
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
