On 02/10/10 04:01, Matt Brookings wrote:
Initially I had decided upon using the {SMD5} hash scheme, but this
requires that systems have MD5 support. The next obvious choice is
the {CRYPT} scheme, however, OpenLDAP does not compile with this
feature enabled by default, and without it, the server cannot
authenticate clients.
So, to those of you with some experience with OpenLDAP, I'm looking
for some input on the optimal scheme (or schemes) to implement,
keeping in mind that the hashed password can (hopefully) be ported to
the other authentication modules if required, and the OpenLDAP server
must be able to authenticate against it.
The original module supported {MD5} and {CRYPT}, and that's what I'm
leaning towards here.
Thanks for any input you can provide!
I do not think it is really going to matter too much. You could always
go down the path
of letting the server do the hashing for you, much like pam_ldap does.
Otherwise I
would be happy with MD5, though we also use SSHA .
Shane
!DSPAM:4ca97f9632711015916219!
