lists.arthurdejong.org
RSS feed

Re: SHA-2 support

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: SHA-2 support



On Mon, 2010-01-25 at 09:25 +0100, Ondrej Moriš wrote:
> does nss-pam-ldapd support SHA-2 (i.e. SHA 256, SHA 512)?

The PAM module does a simple bind to the LDAP server so any hash that is
supported by the LDAP server is supported by the PAM module.

If you want to expose password hashes through NSS (not recommended) 
currently only crypt-entries are translated into a readable format, 
otherwise the raw userPassword attribute value is returned.

For details on this mechanism see the get_userpassword() function in 
nslcd/common.c [0].

If you can supply a transformation of such a value from userPassword 
format to shadow format this can be easily implemented. The problem is
that both the format of the userPassword attribute and the entry 
suitable for shadow is rather system-dependant.

[0] 
http://arthurdejong.org/viewvc/nss-pam-ldapd/nss-pam-ldapd/nslcd/common.c?view=markup

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users