On 02/10/10 04:01, Matt Brookings wrote:
> Initially I had decided upon using the {SMD5} hash scheme, but this
> requires that systems have MD5 support.  The next obvious choice is
> the {CRYPT} scheme, however, OpenLDAP does not compile with this
> feature enabled by default, and without it, the server cannot
> authenticate clients.
> So, to those of you with some experience with OpenLDAP, I'm looking
> for some input on the optimal scheme (or schemes) to implement,
> keeping in mind that the hashed password can (hopefully) be ported to
> the other authentication modules if required, and the OpenLDAP server
> must be able to authenticate against it.
> The original module supported {MD5} and {CRYPT}, and that's what I'm
> leaning towards here.
> Thanks for any input you can provide!

I do not think it is really going to matter too much. You could always
go down the path
of letting the server do the hashing for you, much like pam_ldap does.
Otherwise I
would be happy with MD5, though we also use SSHA .



Reply via email to