You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Stefan Reuter (JIRA)" <ji...@apache.org> on 2009/06/12 17:34:07 UTC
[jira] Created: (DIRSERVER-1375) Support variable length salts for
SSHA and SMD5
Support variable length salts for SSHA and SMD5
-----------------------------------------------
Key: DIRSERVER-1375
URL: https://issues.apache.org/jira/browse/DIRSERVER-1375
Project: Directory ApacheDS
Issue Type: Improvement
Components: ldap
Affects Versions: 1.5.4
Reporter: Stefan Reuter
ApacheDS requires the salt of SSHA passwords to be 8 bytes. OpenLDAP uses 4 bytes for the salt. Migrating from OpenLDAP to ApacheDS thus causes problems as users are unable to bind if their userpassword uses a salted password scheme.
Please support variable length salts in ApacheDS so it is also possible to bind with a SSHA (or SMD5) password that contain a 4 byte salt.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (DIRSERVER-1375) Support variable length salts for
SSHA and SMD5
Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-1375?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Lecharny updated DIRSERVER-1375:
-----------------------------------------
Fix Version/s: 1.5.5
We wrongly assumed that the Salt was 8 bytes long, when it's can be of variable size. It should not be a problem to allow shortest Salt to be used in ADS, as the hashed part is always 20 bytes for SHA1 (16 for MD5). it's just a matter of grabbing the rest of the bytes, and consider it as the salt.
I will implement that right now.
> Support variable length salts for SSHA and SMD5
> -----------------------------------------------
>
> Key: DIRSERVER-1375
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1375
> Project: Directory ApacheDS
> Issue Type: Improvement
> Components: ldap
> Affects Versions: 1.5.4
> Reporter: Stefan Reuter
> Fix For: 1.5.5
>
>
> ApacheDS requires the salt of SSHA passwords to be 8 bytes. OpenLDAP uses 4 bytes for the salt. Migrating from OpenLDAP to ApacheDS thus causes problems as users are unable to bind if their userpassword uses a salted password scheme.
> Please support variable length salts in ApacheDS so it is also possible to bind with a SSHA (or SMD5) password that contain a 4 byte salt.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (DIRSERVER-1375) Support variable length salts for
SSHA and SMD5
Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-1375?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Lecharny reassigned DIRSERVER-1375:
--------------------------------------------
Assignee: Emmanuel Lecharny
> Support variable length salts for SSHA and SMD5
> -----------------------------------------------
>
> Key: DIRSERVER-1375
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1375
> Project: Directory ApacheDS
> Issue Type: Improvement
> Components: ldap
> Affects Versions: 1.5.4
> Reporter: Stefan Reuter
> Assignee: Emmanuel Lecharny
> Fix For: 1.5.5
>
>
> ApacheDS requires the salt of SSHA passwords to be 8 bytes. OpenLDAP uses 4 bytes for the salt. Migrating from OpenLDAP to ApacheDS thus causes problems as users are unable to bind if their userpassword uses a salted password scheme.
> Please support variable length salts in ApacheDS so it is also possible to bind with a SSHA (or SMD5) password that contain a 4 byte salt.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (DIRSERVER-1375) Support variable length salts for
SSHA and SMD5
Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-1375?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Lecharny resolved DIRSERVER-1375.
------------------------------------------
Resolution: Fixed
Fixed in http://svn.apache.org/viewvc?rev=784354&view=rev
> Support variable length salts for SSHA and SMD5
> -----------------------------------------------
>
> Key: DIRSERVER-1375
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1375
> Project: Directory ApacheDS
> Issue Type: Improvement
> Components: ldap
> Affects Versions: 1.5.4
> Reporter: Stefan Reuter
> Assignee: Emmanuel Lecharny
> Fix For: 1.5.5
>
>
> ApacheDS requires the salt of SSHA passwords to be 8 bytes. OpenLDAP uses 4 bytes for the salt. Migrating from OpenLDAP to ApacheDS thus causes problems as users are unable to bind if their userpassword uses a salted password scheme.
> Please support variable length salts in ApacheDS so it is also possible to bind with a SSHA (or SMD5) password that contain a 4 byte salt.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (DIRSERVER-1375) Support variable length salts for
SSHA and SMD5
Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-1375?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Lecharny closed DIRSERVER-1375.
----------------------------------------
> Support variable length salts for SSHA and SMD5
> -----------------------------------------------
>
> Key: DIRSERVER-1375
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1375
> Project: Directory ApacheDS
> Issue Type: Improvement
> Components: ldap
> Affects Versions: 1.5.4
> Reporter: Stefan Reuter
> Assignee: Emmanuel Lecharny
> Fix For: 1.5.5
>
>
> ApacheDS requires the salt of SSHA passwords to be 8 bytes. OpenLDAP uses 4 bytes for the salt. Migrating from OpenLDAP to ApacheDS thus causes problems as users are unable to bind if their userpassword uses a salted password scheme.
> Please support variable length salts in ApacheDS so it is also possible to bind with a SSHA (or SMD5) password that contain a 4 byte salt.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.