{PATCH] store extra password hashes in supplemental credentials
Andrew Bartlett
abartlet at samba.org
Fri May 5 18:06:26 UTC 2017
On Wed, 2017-04-12 at 16:09 +1200, Andrew Bartlett via samba-technical
wrote:
> Err..
>
> If you could suggest a syntax that you like, we can code it up.
> Options include:
>
> CryptSHA512:5500 CryptSHA256
>
> or probably better:
>
> CryptSHA512:rounds=5500 CryptSHA256
>
> I'm not sure how to fit those in to the attributes for the 'samba-
> tool
> user getpassword' case, but perhaps you have clearer ideas.
I've been chatting to metze and we agreed to the above, but with a new
name:
password hash userPassword schemes = CryptSHA512:rounds=5500 CryptSHA256
For the getpassword, we agreed to
--attributes="virtualCryptSHA256;rounds=5500,virtualCryptSHA512"
The documentation will explain that the rounds is only used if a
plaintext password is present, and does not change the returned
attribute name in the LDIF.
We also agreed that the WDigest implementation patches need to be
second, in a distinct patch, after the WDigset tests.
Then implement the ;rounds for getpassword.
Then the IDL if not required earlier.
Then the userPassword tests, then the C changes, then the userPassword
samba-tool changes.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list