{PATCH] store extra password hashes in supplemental credentials

Andrew Bartlett abartlet at samba.org
Fri May 5 18:06:26 UTC 2017

On Wed, 2017-04-12 at 16:09 +1200, Andrew Bartlett via samba-technical

> Err..
> If you could suggest a syntax that you like, we can code it up. 
> Options include:
> CryptSHA512:5500 CryptSHA256
> or probably better:
> CryptSHA512:rounds=5500 CryptSHA256
> I'm not sure how to fit those in to the attributes for the 'samba-
> tool
> user getpassword' case, but perhaps you have clearer ideas.

I've been chatting to metze and we agreed to the above, but with a new

password hash userPassword schemes = CryptSHA512:rounds=5500 CryptSHA256

For the getpassword, we agreed to 


The documentation will explain that the rounds is only used if a
plaintext password is present, and does not change the returned
attribute name in the LDIF.

We also agreed that the WDigest implementation patches need to be
second, in a distinct patch, after the WDigset tests.  

Then implement the ;rounds for getpassword. 

Then the IDL if not required earlier. 

Then the userPassword tests, then the C changes, then the userPassword
samba-tool changes. 


Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list