This is what I use. I'm not sure this is the highest possible security but it 
did fix the "ignore anything over 8 characters" issue.

password-hash {CRYPT}
password-crypt-salt-format "$6$%.12s"

-----Original Message-----
From: openldap-technical [mailto:[email protected]] On 
Behalf Of Michael Ströder
Sent: Friday, May 15, 2015 5:08 AM
To: Quanah Gibson-Mount; [email protected]
Subject: Re: Openldap password problems

Quanah Gibson-Mount wrote:
> Setting the default to {CRYPT} is a security nightmare,

Such a general statement is nonsense without taking a closer look at which 
crypt scheme is really used.

Consult your local crypt(3) man page to see whether crypt schemes like "$6$" 
or "$2b$" are supported on your system which are definitely stronger than 
simple {SSHA}. Then use password-crypt-salt-format to make use of such a crypt 
scheme.

Ciao, Michael.
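
An added example, not part of the thread or of OpenLDAP's code: it emulates how the `%s` conversion in password-crypt-salt-format expands and which crypt(3) scheme the resulting salt selects, then flags stored {CRYPT} values that are still traditional DES hashes. It assumes glibc-style `$id$` prefixes; all function names are hypothetical and the salt and hash bodies are constructed filler.

```python
import re

# crypt(3) "$id$" prefixes (glibc-style convention, assumed here) -> scheme name.
CRYPT_IDS = {"1": "MD5 crypt", "5": "SHA-256 crypt", "6": "SHA-512 crypt",
             "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt"}
DES = "traditional DES crypt (only the first 8 password characters count)"

def expand_salt_format(fmt, random_salt):
    """Emulate the sprintf-style expansion of the single %s / %.Ns conversion."""
    def take(m):
        return random_salt[:int(m.group(1))] if m.group(1) else random_salt
    return re.sub(r"%(?:\.(\d+))?s", take, fmt, count=1)

def crypt_scheme(setting):
    """Name the scheme that a crypt(3) salt or stored hash string selects."""
    m = re.match(r"\$([0-9a-z]+)\$", setting)
    if m:
        return CRYPT_IDS.get(m.group(1), "unknown $%s$ scheme" % m.group(1))
    return DES  # no $id$ prefix: the first two characters are a DES salt

def classify_userpassword(value):
    """Return (storage scheme, crypt scheme or None) for one userPassword value."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}(.*)", value, re.S)
    if not m:
        return ("CLEARTEXT", None)
    scheme = m.group(1).upper()
    return (scheme, crypt_scheme(m.group(2)) if scheme == "CRYPT" else None)

def truncating_entries(entries):
    """DNs whose {CRYPT} hash is traditional DES and should be re-hashed."""
    return [dn for dn, value in entries.items()
            if classify_userpassword(value) == ("CRYPT", DES)]

# Constructed sample data: the salt and hash bodies are filler, not real hashes.
RANDOM_SALT = "Ab3./xYz09QwErTyUiOpAsDfGhJkLzX"   # 31 chars from [A-Za-z0-9./]
ENTRIES = {
    "uid=alice,dc=example,dc=com": "{CRYPT}AbCdEfGhIjKlM",
    "uid=bob,dc=example,dc=com": "{CRYPT}$6$Ab3./xYz09Qw$" + "h" * 86,
    "uid=carol,dc=example,dc=com": "{SSHA}" + "c" * 32,
}

if __name__ == "__main__":
    for fmt in ("%s", "$6$%.12s"):
        salt = expand_salt_format(fmt, RANDOM_SALT)
        print("%-10s -> %-16s -> %s" % (fmt, salt[:16], crypt_scheme(salt)))
    print("re-hash needed:", truncating_entries(ENTRIES))
```

Changing the salt format only affects hashes generated afterwards, so entries the last function reports keep the 8-character behaviour until their passwords are set again.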


