[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Pserver, PAM/OpenLDAP and SSHA Password Encryption?

From: Thorsten Glaser
Subject: Re: Pserver, PAM/OpenLDAP and SSHA Password Encryption?
Date: Mon, 14 Aug 2017 17:49:03 +0200 (CEST)
User-agent: Alpine 2.20 (DEB 67 2015-01-07)

On Wed, 19 Oct 2016, Jim Seymour wrote:

> We're using OpenLDAP, via PAM, for user credentials.  Some users can log

Explicit PAM support in CVS was dropped in 2:1.12.13+real-5
in Debian, which is in your distro’s CVS package, so CVS
will use the default auth.

> switching our OpenLDAP password storage back to the inferior {CRYPT}
> encryption?

{CRYPT} is not inferiour; in fact, with the new modes (blowfish
via bcrypt in OpenBSD, SHA-256 via glibc in GNU) it’s massively
more secure than a simple {SSHA}.

If using {CRYPT} works for you, then, by all means, use it.

I’m noticing you’re using pserver, which transmits the passwords
in plain over the network anyway. You really ought to use SSH
instead — which would offload the entire authentication to sshd,
and authorisation to Unix user group membership.

tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg


    **Besuchen Sie uns auf der dmexco!**
    13. und 14. September 2017, Messe Köln,** Halle 7.1, Stand E042**
    Digital Marketing Exposition & Conference

    Wir empfehlen unseren Vortrag
    "Wettbewerbsanalyse im Handel: Preisvergleich online und offline"
    am 13. September, 18:00 Uhr im Speaker's Forum / Broadway


    **Visit us at dmexco!**
    September 13th and 14th, 2017, Messe Köln,** Hall 7.1, Booth E042**
    Digital Marketing Exposition & Conference

    We recommend our presentation
    "Competitor analysis in retail: price comparison online and offline"
    on September 13th, at 6 pm at the Speaker's Corner / Broadway


reply via email to

[Prev in Thread] Current Thread [Next in Thread]