Hi William, > PBKDF2_SHA256 does not work on EL7 due to a limitation with the NSS > crypto provider. At start up it will drop and error in your logs like > "crypto provider not available" or something. > > It's only available in 1.4.x. on fedora today, and will be supported in > a "future version" for EL. > > The plugin "exists" in 1.3.x because that's where I developed it > (against fedora) at the time, but due to a mistake on my part, I > allowed it to be configured and built on EL7. For that I apologise. this is very interesting to me. We had a discussion on PBKDF2_SHA256 on RHEL 7.4 last autumn: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx/thread/3SPWGFI7JX4V5U4ACOX4P3BSQVF5XEWB/ Does your quote here explain the behavior I saw in our discussion? I'm confused now because we still have the PBKDF2_SHA256 plugin enabled on our servers and the Directory Manager password is actually hashed using PBKDF2_SHA256. It does work and I also cannot find any log messages containing "crypto" or "provider". We are currently using RHEL 7.5 and 389-ds-base 1.3.7.5-19.el7_5. Thanks, Marian _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
