[PROPOSAL] Add tests for supplementalCredentials, store other hash types
Andrew Bartlett
abartlet at samba.org
Tue Apr 4 06:24:34 UTC 2017
On Mon, 2017-04-03 at 16:09 +1200, Andrew Bartlett via samba-technical
wrote:
> G'Day Metze,
>
> I just wanted to give you a heads-up that Gary (CC'ed) is working on
> the issue I raised almost a year ago, regarding storing the sha512
> hashes rather than the plaintext password under GPG.
>
> In preparation for that, tomorrow he will send in some tests to lock
> in
> the base-line behaviour of supplementalCredentials, including the
> HTTP
> digest values, then a small re-factor so that we can practically add
> additional packages.
>
> I'm sorry I don't have code to show right now, but our design is to
> store a new package named Primary:userPassword{SHA512} (or {SHA265}),
> following from the OpenLDAP use of rfc2307 in this area. Perhaps
> Microsoft may even be encouraged to do the same some day!
>
> Storage will for Samba be controlled by an smb.conf option.
>
> The idea will be to re-use and extend your syncpasswords work to
> expose
> these to users needing access.
This work progresses well, and some of the patches have already been
posted.
The work in progress so far is at
http://git.catalyst.net.nz/gw?p=samba.git;a=shortlog;h=refs/heads/gary-
password-hash
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list