Kurt,

Zimbra has run into this issue in helping a customer who was running SunDS migrate to OpenLDAP. It does not work at all, unfortunately. Changing code to use an 8-bit salt does work.

So, I'd be happy to fix this, but a general design question --

(a) Should this be implemented as a "ssha-salt" option in slapd.conf
or
(b) Should OpenLDAP try decrypting the password first as a 4-bit salt, and then try an 8-bit salt, then fail?

(a) would be fairly portable across many salt settings, but AFAIK we've only hit 4 & 8.

(b) would allow mixed salt values to be in userPassword, and I'd think that over time as people changed their passwords, it would allow the 8-bit salts to go away.

Thoughts welcome.

--Quanah

--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
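The two verification strategies discussed in the message, as an added example that is not part of the original post and not OpenLDAP's own code. It assumes the usual {SSHA} layout, base64(SHA1(password || salt) || salt), and treats the salt lengths as byte counts (4 for the OpenLDAP default, 8 for the SunDS-style entries); the function names verify_fixed_salt, verify_try_lengths and verify_any_salt are my own. verify_any_salt goes beyond the message: because a SHA-1 digest is always 20 bytes, the salt length can be read off the decoded value, so it accepts any salt length rather than only 4 and 8.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SHA1_LEN = 20  # a SHA-1 digest is always 20 bytes; everything after it is salt


def ssha_hash(password: bytes, salt_len: int = 4) -> str:
    """Build a {SSHA} userPassword value: base64(SHA1(password || salt) || salt).

    salt_len=4 mimics the OpenLDAP default; salt_len=8 mimics the SunDS-style
    entries the message describes (assumed lengths, in bytes).
    """
    salt = os.urandom(salt_len)
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def _decode(stored: str) -> Optional[bytes]:
    """Strip the {SSHA} scheme prefix and base64-decode; None if malformed."""
    if not stored.startswith("{SSHA}"):
        return None
    try:
        raw = base64.b64decode(stored[len("{SSHA}"):], validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return None
    # a value with no bytes after the digest carries no salt at all
    return raw if len(raw) > SHA1_LEN else None


def verify_fixed_salt(stored: str, password: bytes, salt_len: int) -> bool:
    """Option (a): the salt length is a configured constant.

    An entry whose salt has a different length is rejected outright, which
    is the failure reported for 8-byte SunDS salts under a 4-byte assumption.
    """
    raw = _decode(stored)
    if raw is None or len(raw) != SHA1_LEN + salt_len:
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    # constant-time comparison so verification time does not leak digest bytes
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)


def verify_try_lengths(stored: str, password: bytes, salt_lengths=(4, 8)) -> bool:
    """Option (b): try each candidate salt length in turn, then fail."""
    return any(verify_fixed_salt(stored, password, n) for n in salt_lengths)


def verify_any_salt(stored: str, password: bytes) -> bool:
    """Generalisation of (b): SHA-1 output is fixed at 20 bytes, so the salt
    is whatever follows the digest, whatever its length."""
    raw = _decode(stored)
    if raw is None:
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)


if __name__ == "__main__":
    pw = b"correct horse battery staple"      # constructed sample password
    sunds_entry = ssha_hash(pw, salt_len=8)    # simulated 8-byte-salt entry
    print("fixed 4-byte check:", verify_fixed_salt(sunds_entry, pw, 4))
    print("try 4 then 8:      ", verify_try_lengths(sunds_entry, pw))
    print("length-derived:    ", verify_any_salt(sunds_entry, pw))
```

Under option (a) the configured length is the only one accepted, so an entry with the other salt length fails even with the right password; option (b) accepts either at the cost of an extra hash computation on a miss. Reading the salt length from the decoded value removes that retry and accepts entries of any salt length, which is the mixed-salt behaviour option (b) is after.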