https://bugs.openldap.org/show_bug.cgi?id=10215
Issue ID: 10215
Summary: [QUESTION] FIPS Validated password hashing
Product: OpenLDAP
Version: 2.4.54
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: libraries
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Hi! we are in process of a certification, and we are using openldap of ubuntu
pro fips 20.04, that its the 2.4.54
At some point the auditor ask us, how the passwords are stored into ldap, and
we found this:
https://github.com/openldap/openldap/tree/master/contrib/slapd-modules/passwd/sha2
seems that that module do not use a FIPS validated library like "openssl" that
comes with ubuntu fips. and make it's own implementation of the sha512.
Is there any ldap module that uses the openssl library of the SO that in this
case its the openssl 1.1.1f to hash its passwords?, could be this
https://github.com/openldap/openldap/tree/master/contrib/slapd-modules/passwd/pbkdf2
maybe if i'm understanding right?
thx!
--
You are receiving this mail because:
You are on the CC list for the issue.
