Hi,
Am Mittwoch 14 März 2012, 08:59:33 schrieb Stephen Gallagher:
> SSSD is designed to have support for multiple cryptography libraries.
> Originally we build in support for both Mozilla NSS and libcrypto.
> However, over the last several releases, libcrypto support has fallen
> by the wayside and there is now a notable feature disparity between
> versions of SSSD built against Mozilla NSS and versions built against
> libcrypto.
>
> The basic functionality still works (we have support for caching
> credentials using a SHA512 algorithm provided by either library), but
> some of the more advanced features do not.
>
> For example:
> 1. Support for obfuscated passwords in the sssd.conf requires Mozilla
> NSS(*)
> 2. Support for centrally-managed SSH public keys requires a BASE64
> encode/decode routine and in 1.8.2 wil add a SHA1 hash routine. There
> is no equivalent available in libcrypto at this time.
>
> Going forward, the core upstream for SSSD (all of whom run on Fedora
> and RHEL systems which have been consolidated on Mozilla NSS for some
> time) is planning to formally drop support for libcrypto. However,
> we're certainly willing to continue supporting it if someone else is
> willing to own the maintenance on it. Thus, I am CCing the maintainers
> of SSSD in non-Fedora/RHEL distributions that I know of. If anyone
> here is relying on libcrypto support and is willing to take over its
> maintenance, please speak up.
As much as I like to have libcrypto support staying in sssd, I currently
don't have any time left to work on this. So unless somebody else steps
up I guess I'll just have to live with that decision.
> (*) I consider this a misfeature imposed upon us by incompetent
> auditors, but it's still a checkbox on someone's list.
:) Agreed.
regards,
Ralf
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
