Michael Ströder wrote:
> Emily Backes wrote:
>> It's sounding like the newer and more complicated hashes have a lot of configurable
>> features that may need site-local tuning.  Should these be part of e.g. slapd.conf
>> config or be settings embedded in the value format for later clarity, like
>>
>> {HASHNAME:attr=val,attr=val,attr=val}SnVzdCBhbiBleGFtcGxlLCBzaWxseQ==
> 
> Somewhat both.
> 
> Like in the past the password-hash should allow to set the current local security
> policy for setting new passwords but old password values should still be valid for
> authentication.

This also reminds me of this old RFE:

http://www.openldap.org/its/index.cgi?findid=7981

It might be interesting to extend the ITS to also specify the set of password schemes
still accepted when processing password validation. Well, this could maybe also be done
with value ACLs but...

Ciao, Michael.
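
The idea discussed in this thread, sketched as an added example (not code from the original messages or from OpenLDAP): a parser for the proposed `{HASHNAME:attr=val,...}` value syntax plus a policy that names one scheme for new passwords and a separate set of schemes still accepted for validation. The class and function names, the parameter names `attr1`/`attr2`, the duplicate-parameter rejection and the result strings are assumptions made for illustration.

```python
import base64
import re

# Hypothetical value syntax from the thread: {SCHEME:attr=val,attr=val}base64
# (plain {SCHEME}base64 is the parameterless case). This is not an OpenLDAP API.
_VALUE_RE = re.compile(r"^\{([A-Za-z0-9_-]+)(?::([^{}]*))?\}(.*)$", re.S)


def parse_value(stored):
    """Split a stored value into (scheme, params dict, raw hash bytes)."""
    m = _VALUE_RE.match(stored)
    if m is None:
        raise ValueError("no {SCHEME} prefix")
    scheme, attrs, b64 = m.group(1).upper(), m.group(2), m.group(3)
    params = {}
    for item in (attrs.split(",") if attrs else []):
        key, sep, val = item.partition("=")
        if not sep or not key or key in params:
            raise ValueError("malformed or duplicate parameter: %r" % item)
        params[key] = val
    # validate=True rejects stray characters instead of silently skipping them
    return scheme, params, base64.b64decode(b64, validate=True)


class HashPolicy:
    """Assumed policy: one scheme for new passwords, a set accepted for auth."""

    def __init__(self, new_scheme, accepted):
        self.new_scheme = new_scheme.upper()
        self.accepted = {s.upper() for s in accepted} | {self.new_scheme}

    def check(self, stored):
        """Return 'reject', 'accept', or 'accept-legacy' for a stored value."""
        try:
            scheme, _params, _digest = parse_value(stored)
        except ValueError:
            return "reject"  # unparsable values never reach hash comparison
        if scheme not in self.accepted:
            return "reject"
        return "accept" if scheme == self.new_scheme else "accept-legacy"


# Constructed sample values; the base64 payload is the one quoted in the thread.
POLICY = HashPolicy("HASHNAME", accepted=["SSHA"])
SAMPLES = [
    "{HASHNAME:attr1=val,attr2=val}SnVzdCBhbiBleGFtcGxlLCBzaWxseQ==",
    "{SSHA}SnVzdCBhbiBleGFtcGxlLCBzaWxseQ==",
    "{MD5}SnVzdCBhbiBleGFtcGxlLCBzaWxseQ==",
]
RESULTS = [POLICY.check(value) for value in SAMPLES]
```

The scheme check runs before any hash comparison, so a value in a scheme outside the accepted set fails validation regardless of whether the password would have matched.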

