Wednesday, July 3, 2024

[389-users] Re: Enable SSHA hashing scheme

Hi William,

I know that. But it would be great if for migration purposes the old hashes would work. I do not know the passwords of all users in the existing tree. What I would like to use afterwards is the
nsslapd-enable-upgrade-hash: on  
feature. So, is there a possibility to support SSHA hashes still on 2.4?

Kind regards,
Ralf


Am Mi., 3. Juli 2024 um 02:33 Uhr schrieb William Brown <wbrown@suse.de>:
Do you actually have a real technical requirement for SSHA? In 2024 it is functionally plaintext, so unless you have a true requirement to use SSHA, then you should follow the secure defaults.

> On 2 Jul 2024, at 22:25, Ralf Spenneberg <rspenneberg@gmail.com> wrote:
>
> Hi there,
> I am trying to update a ldap tree from 389ds 1.3.11 (centos7) to 2.4.5 (almalinux9). After migrating the tree all passwords stop working including the Directory Manager. The old tree used SSHA. Setting the rootpwstoragescheme does not help for the Directory Manager. Only manually resetting the passwords using pwdhash in the dse.ldif file and using a PBKDF2-SHA512 password works. Is there a way to enable the old SSHA scheme?
> Kind regards,
> Ralf
> --
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

--
Sincerely,

William Brown

Senior Software Engineer,
Identity and Access Management
SUSE Labs, Australia

--
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

No comments:

Post a Comment