[PROPOSAL] Add tests for supplementalCredentials, store other hash types

Andrew Bartlett abartlet at samba.org
Tue Apr 4 06:24:34 UTC 2017

On Mon, 2017-04-03 at 16:09 +1200, Andrew Bartlett via samba-technical
> G'Day Metze,
> I just wanted to give you a heads-up that Gary (CC'ed) is working on
> the issue I raised almost a year ago, regarding storing the sha512
> hashes rather than the plaintext password under GPG.
> In preparation for that, tomorrow he will send in some tests to lock
> in
> the base-line behaviour of supplementalCredentials, including the
> digest values, then a small re-factor so that we can practically add
> additional packages.
> I'm sorry I don't have code to show right now, but our design is to
> store a new package named Primary:userPassword{SHA512} (or {SHA265}),
> following from the OpenLDAP use of rfc2307 in this area.  Perhaps
> Microsoft may even be encouraged to do the same some day!  
> Storage will for Samba be controlled by an smb.conf option.
> The idea will be to re-use and extend your syncpasswords work to
> expose
> these to users needing access. 

This work progresses well, and some of the patches have already been

The work in progress so far is at


Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list