directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DIRSERVER-1375) Support variable length salts for SSHA and SMD5
Date Sat, 13 Jun 2009 09:11:07 GMT

     [ https://issues.apache.org/jira/browse/DIRSERVER-1375?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Emmanuel Lecharny updated DIRSERVER-1375:
-----------------------------------------

    Fix Version/s: 1.5.5

We wrongly assumed that the Salt was 8 bytes long, when it's can be of variable size. It should
not be a problem to allow shortest Salt to be used in ADS, as the hashed part is always 20
bytes for SHA1 (16 for MD5). it's just a matter of grabbing the rest of the bytes, and consider
it as the salt.

I will implement that right now.

> Support variable length salts for SSHA and SMD5
> -----------------------------------------------
>
>                 Key: DIRSERVER-1375
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1375
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>          Components: ldap
>    Affects Versions: 1.5.4
>            Reporter: Stefan Reuter
>             Fix For: 1.5.5
>
>
> ApacheDS requires the salt of SSHA passwords to be 8 bytes. OpenLDAP uses 4 bytes for
the salt. Migrating from OpenLDAP to ApacheDS thus causes problems as users are unable to
bind if their userpassword uses a salted password scheme.
> Please support variable length salts in ApacheDS so it is also possible to bind with
a SSHA (or SMD5) password that contain a 4 byte salt.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message