--On Friday, March 10, 2023 9:00 AM +0100 Stefan Kania <ste...@kania-online.de> wrote:



On 09.03.23 at 20:49, Quanah Gibson-Mount wrote:


--On Thursday, March 9, 2023 7:51 PM +0100 Stefan Kania
<ste...@kania-online.de> wrote:

Another strange thing about passwords on the same machine. As I told you
before, we switch to ssha as password hash.

SSHA is rather insecure. The Symas OpenLDAP builds ship with ARGON2
support which is advised to use. I've no idea how you are "changing
the password via LDIF". Generally one should be using an LDAP v3
password modify operation for user accounts so that the server
generates it automatically if it's been properly configured.


I know, starting with OpenLDAP 2.5 I (normally) only use argon2, but as I
have written before, argon2 causes OpenLDAP to crash as soon as I try to
authenticate with an argon2 password. I can only switch to argon2 as soon
as I know why and how to handle the problem.

Ok.  I still don't know what 'changing the password via LDIF' means though.

:)

--Quanah
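
Added example, not part of the thread and not code from either poster: a Python sketch that reads `userPassword` values out of an LDIF export, reports the storage scheme per entry, and shows that verifying `{SSHA}` is a single salted SHA-1 call with no work factor. The DNs, salt, password, the Argon2 string and the `WEAK` policy set are constructed for illustration, and the parser assumes unfolded LDIF lines.

```python
import base64
import hashlib
import hmac

# Assumed audit policy for this sketch: schemes to migrate away from.
WEAK = {"CLEARTEXT", "MD5", "SMD5", "SHA", "SSHA"}

def make_ssha(password: bytes, salt: bytes) -> str:
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_ssha(stored: str, password: bytes) -> bool:
    """Verify against {SSHA}: one SHA-1 call, so guessing is cheap."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]          # SHA-1 digest is 20 bytes
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)

def scheme_of(value: str) -> str:
    """Return the {SCHEME} prefix of a userPassword value."""
    if value.startswith("{") and "}" in value:
        return value[1:value.index("}")].upper()
    return "CLEARTEXT"

def audit_ldif(ldif: str) -> dict:
    """Map each DN to the scheme of its userPassword attribute."""
    result, dn = {}, None
    for line in ldif.splitlines():
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("userPassword:: "):   # base64 form in LDIF
            result[dn] = scheme_of(base64.b64decode(line[15:]).decode())
        elif line.startswith("userPassword: "):
            result[dn] = scheme_of(line[14:])
    return result

def needs_migration(ldif: str) -> list:
    """DNs whose stored scheme is in the WEAK set."""
    return [dn for dn, s in audit_ldif(ldif).items() if s in WEAK]

# Constructed sample data (not from the thread).
SSHA_VALUE = make_ssha(b"example-password", bytes.fromhex("0011223344556677"))
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=com",
    "userPassword:: " + base64.b64encode(SSHA_VALUE.encode()).decode(),
    "",
    "dn: uid=bob,ou=people,dc=example,dc=com",
    "userPassword: {ARGON2}$argon2id$v=19$m=65536,t=2,p=1$c2FsdA$placeholder",
])
```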

