>>> bitsofinfo <[email protected]> wrote on 04.09.2014 at 20:20 in
>>> message
<[email protected]>:
> Hi -
> openldap version = 2.4.39
> 
> With:
> moduleload      pw-sha2.la
> 
> I have an application that generates SHA256 b64 encoded hashes w/ a
> 4byte (16bit) salt and stores them in userPassword and binds work fine
> 
> When I add this to slapd.conf:
> 
> password-crypt-salt-format $5$rounds=1000$%.16s

Isn't that passed to crypt(3) of glibc? If so, the format seems to be
$id$salt$encrypted
And the length of the salt seems to be fixed (86 characters!)

Regards,
Ulrich

> 
> And change my application to add 1000 iterations when it writes to
> userPassword, then binds fail
> 
> pw in userPassword is generated in this format:
> {SSHA256}b64Encoded(sha256Digest1000Iterations(pw+salt)+salt)
> 
> Is "password-crypt-salt-format" the correct place to specify we want to
> use iterations on our hashes? Is this configurable?
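
Added example, not part of the original thread and not OpenLDAP's own code: a Python sketch of a verifier for the single-pass `{SSHA256}` layout quoted above (base64 of SHA-256(password + salt) followed by the salt), showing why a value built with extra iterations no longer matches. The iteration method (re-hashing the digest), the sample password and the sample salt are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

PREFIX = "{SSHA256}"
DIGEST_LEN = 32  # SHA-256 output size in bytes


def ssha256_encode(password: bytes, salt: bytes, rounds: int = 1) -> str:
    """Build {SSHA256}base64(digest + salt).

    rounds=1 is the single-pass salted hash. rounds>1 re-hashes the digest,
    an assumed reading of 'sha256Digest1000Iterations' in the post.
    """
    digest = hashlib.sha256(password + salt).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha256(digest).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha256_verify(stored: str, password: bytes) -> bool:
    """Single-pass check. The stored value has no field for a round count,
    so the verifier cannot know that the writer iterated."""
    if not stored.startswith(PREFIX):
        return False
    try:
        raw = base64.b64decode(stored[len(PREFIX):], validate=True)
    except ValueError:  # malformed base64
        return False
    if len(raw) <= DIGEST_LEN:
        return False  # no salt appended
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha256(password + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time compare


def demo():
    salt = bytes.fromhex("a1b2c3d4")   # constructed 4-byte salt
    password = b"correct horse"        # constructed sample password
    single = ssha256_encode(password, salt)
    iterated = ssha256_encode(password, salt, rounds=1000)
    return ssha256_verify(single, password), ssha256_verify(iterated, password)


if __name__ == "__main__":
    print(demo())
```

Per slapd.conf(5), `password-crypt-salt-format` sets the salt format handed to crypt(3) when slapd generates `{CRYPT}` values; it does not change how a `{SSHA256}` value is checked.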



