Caislean

Change LDAP password encryption scheme to {CRYPT} wherever possible

Open kheops2713 opened this issue 9 years ago • 0 comments

SSHA is salted SHA-1, which is not considered secure. slappasswd can be forced to use crypt with SHA-512 hashing both on Debian 7 and Debian 8.

Commands should be replaced (at least) in roles:

  • openldap wherever a password is generated using slappasswd
  • php-ldap-password where the password is generated using a PHP function

kheops2713, Oct 17 '16 23:10
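An added example, not part of the original issue or of the Caislean roles: a Python audit that reads an LDIF export and reports which `userPassword` values are still `{SSHA}` (or a non-SHA-512 crypt variant) and would need regenerating after the change proposed above. The LDIF sample, DNs and hash strings are constructed, and the `$6$` check assumes glibc's SHA-512 crypt format, as produced by `slappasswd -h '{CRYPT}' -c '$6$%.16s'`.

```python
import base64
import re

# Constructed sample export (not real accounts, not real hashes).
_B64 = base64.b64encode(b"{CRYPT}$6$constructedsalt$constructedhash").decode()
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=org",
    "userPassword: {SSHA}constructedNotARealHash",
    "",
    "dn: uid=bob,ou=people,dc=example,dc=org",
    # base64 form (attr::) with LDIF line folding, as ldapsearch emits it
    "userPassword:: " + _B64[:30] + "\n " + _B64[30:],
    "",
    "dn: uid=carol,ou=people,dc=example,dc=org",
    "userPassword: {CRYPT}$1$constructed$constructedhash",
    "",
    "dn: uid=dave,ou=people,dc=example,dc=org",
    "description: no password set",
])

def _attr(line):
    """Split 'name: value' or 'name:: base64' into (lowercased name, text)."""
    name, _, rest = line.partition(":")
    if rest.startswith(":"):
        raw = base64.b64decode(rest[1:].strip())
        return name.lower(), raw.decode("utf-8", "replace")
    return name.lower(), rest.strip()

def classify(value):
    """Label a userPassword value by its {SCHEME} prefix."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}(.*)", value, re.S)
    if not m:
        return "cleartext-or-unknown"
    scheme, rest = m.group(1).upper(), m.group(2)
    if scheme == "CRYPT":
        # $6$ marks SHA-512 crypt; $1$ (MD5), $5$ (SHA-256) etc. are flagged.
        return "ok" if rest.startswith("$6$") else "crypt-not-sha512"
    return "legacy-" + scheme

def audit(ldif):
    """Return {dn: [classification, ...]} for entries with a userPassword."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # undo LDIF line folding
    findings, dn = {}, None
    for line in unfolded.splitlines():
        if not line or line.startswith("#"):
            continue
        name, value = _attr(line)
        if name == "dn":
            dn = value
        elif name == "userpassword":
            findings.setdefault(dn, []).append(classify(value))
    return findings
```

Entries reported as anything other than `ok` keep their old hash until the user's password is next set, since the stored value cannot be converted without the cleartext.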