apr-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 47162] New: [PATCH] crypto: read/write support for SSHA-1 (salted SHA-1)
Date Wed, 06 May 2009 22:23:05 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=47162

           Summary: [PATCH] crypto: read/write support for SSHA-1 (salted
                    SHA-1)
           Product: APR
           Version: HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: APR-util
        AssignedTo: bugs@apr.apache.org
        ReportedBy: bnoordhuis@gmail.com


Section 14.4.1 of the OpenLDAP admin guide:

"This is the salted version of the SHA scheme. It is believed to be the most
secure password storage scheme supported by slapd."

http://www.openldap.org/doc/admin24/security.html#SSHA%20password%20storage%20scheme

Attached are two patches that add read and write support for SSHA-1. We've been
running this code in production for nine months now and with no hiccups, on a
platform with ~120,000 customers.

I imagine the write support belongs further upstream as it patches
support/ht{passwd,dbm}.c, but since it relies on a patched apr-util, I'll post
it here instead.

Why, apart from security, is this useful? I can present at least one use case
(ours): when migrating from LDAP-based authentication to .htaccess
authentication.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org


Mime
View raw message