[Kolab-devel] Password hashing
Martin Konold
martin.konold at erfrakon.de
Thu Mar 31 10:10:33 CEST 2005
On Wednesday, 30 March 2005 19:21, Roland Gruber wrote:
Hi Roland,
> password is hashed with SHA in LDAP.
Yes.
> How flexible is Kolab with password hashes? LAM supports CRYPT, SHA,
> SSHA, MD5, SMD5 and plain text. Will Kolab work with all of them?
Yes, all components work with any hash except that the web admin code has the
hashing algorithm hard coded.
> I think SSHA is the most secure one, maybe you have a special reason for
> using SHA.
No, not really. The point is that we don't gain that much with the extra salt.
> Is the password always stored hashed in LDAP?
Yes.
> E.g. it could be possible
> that kolabd takes plain text passwords on account creation for some
> reason and then hashes the password in a second step.
No. The passwords are write only. The LDAP access rules forbid reading the
password.
Regards,
-- martin
--
"I am committed to helping Ohio deliver its electoral votes to the
President next year." -- 2004, Wally O'Dell - CEO of Diebold, Inc.
e r f r a k o n - Stuttgart, Germany
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
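
The {SHA} and {SSHA} userPassword encodings discussed in this thread, as an added example that is not part of the original message and is not Kolab or LAM code: it encodes and verifies the unsalted and salted schemes and counts how many stored values repeat when two accounts share a password. The function names and sample passwords are constructed; the layout base64(digest + salt) is the one OpenLDAP uses, and CRYPT is left out.

```python
import base64
import hashlib
import hmac
import os

# Scheme name -> (hash constructor, digest length, salted?). Layout assumed:
# "{SCHEME}" + base64(digest + salt), with digest = H(password + salt).
SCHEMES = {
    "SHA": (hashlib.sha1, 20, False),
    "SSHA": (hashlib.sha1, 20, True),
    "MD5": (hashlib.md5, 16, False),
    "SMD5": (hashlib.md5, 16, True),
}

def encode(scheme, password, salt=None):
    """Build a userPassword value; salted schemes get 8 random bytes by default."""
    hash_fn, _, salted = SCHEMES[scheme]
    salt = (os.urandom(8) if salt is None else salt) if salted else b""
    digest = hash_fn(password.encode("utf-8") + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode("ascii"))

def verify(stored, password):
    """Check a candidate password against a stored userPassword value."""
    if not stored.startswith("{"):  # no scheme prefix: plain-text value
        return hmac.compare_digest(stored.encode("utf-8"), password.encode("utf-8"))
    scheme, _, b64 = stored[1:].partition("}")
    if scheme.upper() not in SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    hash_fn, dlen, salted = SCHEMES[scheme.upper()]
    raw = base64.b64decode(b64, validate=True)
    digest, salt = raw[:dlen], raw[dlen:]
    if len(digest) != dlen or (salt and not salted):
        return False  # truncated value, or trailing bytes on an unsalted scheme
    candidate = hash_fn(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def shared_values(scheme, passwords):
    """Count stored values that repeat, i.e. accounts visibly sharing a password."""
    values = [encode(scheme, p) for p in passwords]
    return len(values) - len(set(values))

if __name__ == "__main__":
    # Constructed sample: three accounts, two of which chose the same password.
    sample = ["winter2005", "winter2005", "k0lab!"]
    for scheme in ("SHA", "SSHA"):
        print(scheme, "duplicate stored values:", shared_values(scheme, sample))
    print(verify(encode("SSHA", "k0lab!"), "k0lab!"))
```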