On 01/15/2014 10:38 AM, Richard Mixon wrote:
Our plan was to use SSHA256 to hash the passwords around
200,000 times before storing. This would at least slow down
any cracking attempts should someone get access to our
directory.
I've read through the documentation on the Red Hat
Directory Server site, including the "Plug-in Guide". Under
"5.8 Checking Passwords" it refers to calling function
"slapi_pw_find_sv()" - looking at the doc for this function it
does not look like hashing multiple times is supported.
Is there some means of doing this that is not obvious to
me?
No.
I can certainly do it by re-writing the security plugins for
the various servers (Tomcat, PHP Wordpress, etc) such that
they hash the plaintext password n minus 1 times before
issuing the bind - but was hoping not to do that.
Use of pre-hashed passwords is strongly discouraged and will break
things like sasl and replication.
Does this have anything to do with
https://fedorahosted.org/389/ticket/397?
I'm relatively new to 389 directory server, but so far quite
happy to have moved to it from another directory server.
Thank you - Richard
--
Richard Mixon
Custom Computer Creations, L.L.C.
mobile: (480) 577-6834 office: (480) 614-3442
email: rnmixon@xxxxxxxxxx
Microsoft Partner ID: 1263725
The messages and documents transmitted with this notice
contain confidential information belonging to the sender. If
you are not the intended recipient of this information, you
are hereby notified that any disclosure, copying, distribution
or use of the information is strictly prohibited. If you have
received this transmission in error, please notify the sender
immediately.
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users