A bit more info ... We are putting together a small outward-facing portal - implementing an LDAP directory is part of that effort (we use Microsoft AD for internal users).

At this point we've written the PHP plugin for our WordPress site to authenticate external partners via the LDAP directory and internal users/employees using our Microsoft Active Directory. I'm doing the same for the two Java applications that need to be integrated.

Currently, I'm trying to meet a new requirement I received last week to use SSHA256 instead of SSHA and to use a high number of hashing iterations as Les' article suggested. In theory OpenLDAP can do this using the sha2 plugin, but it's been slow getting it to work - after quite a few years it has not been included in the base product's plugin set - and there appear to be some philosophical wars as to whether more advanced hashes can or should be included in the core product plugins.

So at this point I've allocated a day (today) to look at the Fedora 389 Directory Server and see if it offers a smoother path. So far that seems to be the case, but I'm not all the way there yet.

Any thoughts or suggestions on a better path? This is a first step for us - I'm sure we'll evaluate and reconsider after it's implemented.

Thank you - Richard

--
View this message in context: http://shiro-user.582556.n2.nabble.com/Implementing-strong-password-hashing-with-Shiro-and-Openldap-tp7579496p7579498.html
Sent from the Shiro User mailing list archive at Nabble.com.
