Re: SHA-2 support
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: SHA-2 support
- Date: Mon, 25 Jan 2010 17:41:14 +0100

On Mon, 2010-01-25 at 09:25 +0100, Ondrej Moriš wrote:
> does nss-pam-ldapd support SHA-2 (i.e. SHA 256, SHA 512)?

The PAM module does a simple bind to the LDAP server so any hash that is
supported by the LDAP server is supported by the PAM module.

If you want to expose password hashes through NSS (not recommended)
currently only crypt-entries are translated into a readable format,
otherwise the raw userPassword attribute value is returned.

For details on this mechanism see the get_userpassword() function in
nslcd/common.c [0].

If you can supply a transformation of such a value from userPassword
format to shadow format this can be easily implemented. The problem is
that both the format of the userPassword attribute and the entry
suitable for shadow are rather system-dependent.

[0] http://arthurdejong.org/viewvc/nss-pam-ldapd/nss-pam-ldapd/nslcd/common.c?view=markup

--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
--
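
A sketch of the userPassword-to-shadow translation described in the message above, as an added example that is not part of the original post and not the project's get_userpassword() code. It assumes crypt entries carry the RFC 2307 `{crypt}` scheme prefix and that the shadow side uses glibc crypt(3) ids (`$5$` for SHA-256, `$6$` for SHA-512); all function and enum names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Kind of userPassword value seen (hypothetical names, not from nslcd). */
enum pw_kind { PW_RAW, PW_CRYPT_OTHER, PW_CRYPT_SHA256, PW_CRYPT_SHA512 };

/* Case-insensitive check that s starts with the lower-case string prefix. */
static int has_prefix_ci(const char *s, const char *prefix)
{
  for (; *prefix != '\0'; s++, prefix++)
    if (tolower((unsigned char)*s) != *prefix)
      return 0; /* also reached when s is shorter than prefix */
  return 1;
}

/* Translate one userPassword value for use as a shadow password field.
   A "{crypt}" entry yields the crypt(3) string after the prefix; any other
   scheme (e.g. {SSHA}) is returned unmodified, since it is not a crypt(3)
   string and cannot be used as one. */
enum pw_kind userpassword_to_shadow(const char *value, const char **shadow)
{
  *shadow = value;
  if (!has_prefix_ci(value, "{crypt}"))
    return PW_RAW;
  *shadow = value + strlen("{crypt}");
  if (strncmp(*shadow, "$5$", 3) == 0)
    return PW_CRYPT_SHA256;
  if (strncmp(*shadow, "$6$", 3) == 0)
    return PW_CRYPT_SHA512;
  return PW_CRYPT_OTHER; /* DES, $1$ MD5, or another system-specific id */
}

int main(void)
{
  /* Constructed sample values, not real password hashes. */
  const char *samples[] = {
    "{CRYPT}$6$examplesalt$constructedhash",
    "{crypt}$5$examplesalt$constructedhash",
    "{SSHA}Y29uc3RydWN0ZWQ=",
  };
  const char *shadow;
  for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
    enum pw_kind kind = userpassword_to_shadow(samples[i], &shadow);
    printf("kind=%d shadow=%s\n", (int)kind, shadow);
  }
  return 0;
}
```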