My noobness again but wow passwords in hashes are a problem :)

I started off thinking that reversible encryption would be the best way even at 
the perceived security problems.

To be honest password hashes are not that secure http://www.hashkiller.co.uk/ 
but hey

http://technet.microsoft.com/en-us/library/hh994559(v=ws.10).aspx

I guess if reversible password schemes were set on both LDAPs this would make 
things much easier.

I am just looking @ 389 Directory server because I am quite excited by the 
Kolab 3 groupware offering.

I am going to use Kolab as the main directory server and would like to sync a 
Samba4 server for Windows client authentication and group policies.

If I was using a Windows server things would be much easier as the password 
sync in http://directory.fedoraproject.org/wiki/Download

"Windows Password Synchronization
This is an Active Directory "plug-in" that intercepts password changes made to 
AD Domain Controllers and sends the clear text password over an encrypted 
connection (SSL/TLS) to 389 DS to keep the passwords in sync. It works in 
conjunction with the Windows Sync feature of 389. You must install this on 
every Domain Controller.
Tested with Windows 2008 and 2003 Server 32-bit and 64-bit. Should work on Win 
2012."

Doh so my choice of Samba4 has turned against me as I presume this would have 
been my M$ get out of jail card.

Still the default password policy in 389 Directory Server is an SSHA hashed 
password so I have the problem in reverse.

I just wondered has anybody created any plugins so that 389 Directory Server & 
OpenLDAP can use Unicode-Base64 Password schemas?

If the hashes were the same wouldn't this be hash nirvana?

It's just a general conversation but if anybody would like to comment as after a 
bit of googling the most robust solution would be to just use identical hash 
methods and just wondered how hard could that be?

If you have any pointers on this whole maze I would be really appreciative.

Stuart.
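
Why an SSHA value cannot simply be copied or converted to another server's scheme, as an added example that is not part of the original post: SSHA is salted SHA-1, so the same password is stored as a different value each time, and producing any other scheme requires the clear-text password at change time. The function names, the 8-byte salt length and the sample password are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # SHA-1 digest size in bytes


def make_ssha(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt  # salt length is an assumption
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(value):
    """Return (digest, salt) from an {SSHA} value, rejecting other schemes."""
    if not value.upper().startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(value[6:], validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("value too short to contain a salt")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def verify_ssha(password, value):
    """Recompute the digest with the stored salt; needs the clear-text password."""
    digest, salt = split_ssha(value)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def demo():
    # Constructed sample: one password as two directories would each store it.
    a = make_ssha("Example-Passw0rd")
    b = make_ssha("Example-Passw0rd")
    return {
        "values_differ": a != b,  # different random salts, different values
        "a_verifies": verify_ssha("Example-Passw0rd", a),
        "b_verifies": verify_ssha("Example-Passw0rd", b),
        "wrong_rejected": not verify_ssha("other", a),
    }


if __name__ == "__main__":
    print(demo())
```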



_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users
