Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.5.5
    • Fix Version/s: 1.5.6
    • Component/s: core
    • Labels:
      None
    • Environment:
      ApacheDS 1.5.5

      Description

      Currently, ApacheDS 1.5.5 authenticates users with passwords stored with following algorithms:

      • (plain text)
      • SHA
      • SSHA
      • MD5
      • SMD5
      • CRYPT

      see class org.apache.directory.server.core.authn.SimpleAuthenticator and enum org.apache.directory.shared.ldap.constants.LdapSecurityConstants.
      Most of them are considered weak. http://www.schneier.com/essay-074.html

      SHA-256 is not directly supported. How about adding it to the list?

        Attachments

          Activity

            People

            • Assignee:
              akiran Kiran Ayyagari
              Reporter:
              szoerner Stefan Zoerner
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: