Hi Richard,

If I understand correctly, your challenge is that you want to configure the LDAP server of choice to compute SSHA256? And then to have Shiro read in that record, look at the hashed value and then do the comparison?

Best,
Les

On Mon, Jan 13, 2014 at 8:54 AM, rnmixon <[email protected]> wrote:

> A bit more info ...
>
> We are putting together a small outward facing portal - implementing an LDAP directory is part of that effort (we use Microsoft AD for internal users).
>
> At this point we've written the PHP plugin for our Wordpress site to authenticate external partners via the LDAP directory and internal users/employees using our Microsoft Active Directory. I'm doing the same for the two Java applications that need to be integrated.
>
> Currently, I'm trying to meet a new requirement I received last week to use SSHA256 instead of SSHA and to use a high number of hashing iterations as Les' article suggested.
>
> In theory Openldap can do this using the sha2 plugin, but it's been slow getting it to work - after quite a few years it has not been included in the base product's plugin set - and there appear to be some philosophical wars as to whether more advanced hashes can or should be included in the core product plugins.
>
> So at this point I've allocated a day (today) to look at the Fedora 389 Directory Server and see if it offers a smoother path. So far that seems to be the case, but I'm not all the way there yet.
>
> Any thoughts or suggestions on a better path? This is a first step for us - I'm sure we'll evaluate and reconsider after it's implemented.
>
> Thank you - Richard
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Implementing-strong-password-hashing-with-Shiro-and-Openldap-tp7579496p7579498.html
> Sent from the Shiro User mailing list archive at Nabble.com.
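The read-and-compare step discussed in this thread, as an added example that is not part of either message and is not Shiro or directory-server code. It assumes the directory stores the common `{SSHA256}` layout, base64(SHA-256(password + salt) + salt), which has no field for an iteration count; the function names and the sample entry are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME = "{SSHA256}"
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


def make_ssha256(password: str, salt: Optional[bytes] = None) -> str:
    """Build a userPassword value in the assumed layout (single round)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha256(stored: str, candidate: str) -> bool:
    """Check a candidate password against a stored {SSHA256} value."""
    # Scheme prefixes are matched case-insensitively; any other scheme fails.
    if stored[:len(SCHEME)].upper() != SCHEME:
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:  # malformed base64 in the directory entry
        return False
    # A salted value must carry the full digest plus at least one salt byte.
    if len(raw) <= DIGEST_LEN:
        return False
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    expected = hashlib.sha256(candidate.encode("utf-8") + salt).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(digest, expected)


# Constructed sample entry with a fixed salt so the result is reproducible.
SAMPLE_ENTRY = make_ssha256("S3cret-example", salt=bytes(range(8)))

if __name__ == "__main__":
    print(SAMPLE_ENTRY)
    print(verify_ssha256(SAMPLE_ENTRY, "S3cret-example"))
    print(verify_ssha256(SAMPLE_ENTRY, "wrong-guess"))
```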
