Do you actually have a real technical requirement for SSHA? In 2024 it is functionally plaintext, so unless you have a true requirement to use SSHA, then you should follow the secure defaults.
> On 2 Jul 2024, at 22:25, Ralf Spenneberg <rspenneberg@gmail.com> wrote:
>
> Hi there,
> I am trying to update a ldap tree from 389ds 1.3.11 (centos7) to 2.4.5 (almalinux9). After migrating the tree all passwords stop working including the Directory Manager. The old tree used SSHA. Setting the rootpwstoragescheme does not help for the Directory Manager. Only manually resetting the passwords using pwdhash in the dse.ldif file and using a PBKDF2-SHA512 password works. Is there a way to enable the old SSHA scheme?
> Kind regards,
> Ralf
> --
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
--
Sincerely,
William Brown
Senior Software Engineer,
Identity and Access Management
SUSE Labs, Australia
--
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
No comments:
Post a Comment