Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#53076 - [openldap] Add passwd/pw-sha2 modules
Attached to Project:
Arch Linux
Opened by JD (Karadoc-V) - Friday, 24 February 2017, 15:38 GMT
Last edited by Jan de Groot (JGC) - Tuesday, 15 August 2017, 11:37 GMT
Opened by JD (Karadoc-V) - Friday, 24 February 2017, 15:38 GMT
Last edited by Jan de Groot (JGC) - Tuesday, 15 August 2017, 11:37 GMT
|
DetailsHello,
There's no package (not official nor in the AUR) for the openldap contribs (as found in https://github.com/openldap/openldap/tree/master/contrib). As OpenLDAP is a major LDAP server, this can lead to major security flaws: OpenLDAP does not support hashes algorithms stronger than SHA1/SSHA1 (it actually can use the system hashes through the CRYPT method, but it is not thread safe). SHA2 (SHA256, SSHA256, SHA512, SSHA512...) support is only available through those official contributions, with the pw-sha2 module. Could you please provide an official package for those openldap-contrib files in the extra repository (and mark it as "optional dependencies" for the main openldap package)? Other major distributions had similar requests and now have such package. Regards, JD |
This task depends upon
Closed by Jan de Groot (JGC)
Tuesday, 15 August 2017, 11:37 GMT
Reason for closing: Implemented
Additional comments about closing: Added sha2 and some other modules without introducing additional dependencies
Tuesday, 15 August 2017, 11:37 GMT
Reason for closing: Implemented
Additional comments about closing: Added sha2 and some other modules without introducing additional dependencies
The module I have interest in is the pw-sha2 module https://github.com/openldap/openldap/tree/master/contrib/slapd-modules/passwd/sha2
But I was wondering if it would not be more interesting to have all those contribs built in a specific package, as others distributions provide.
Regards,
JD