Bug#988033: slapd-contrib: It would be good to avoid generating sambaLMPassword hashes
Diane Trout
diane at ghic.org
Tue May 4 01:26:26 BST 2021
Package: slapd-contrib
Version: 2.4.47+dfsg-3+deb10u6
Severity: wishlist
Dear Maintainer,
I was looking into keeping unix and samba passwords in sync using smbk5pwd but
the current module generates LM password hashes, and from what I have read
those are considered easily reversable. Additionally windows & samba have been
moving away from using LM passwords for a while and I think the default
configurations have it disabled.
It looks like upstream removed the code to generate the LM hash at some point.
(I didn't check how far back)
Diane
-- System Information:
Debian Release: bullseye/sid
APT prefers testing-security
APT policy: (500, 'testing-security'), (500, 'testing-debug'), (500, 'stable-
debug'), (500, 'testing'), (110, 'unstable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.10.0-5-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages slapd-contrib depends on:
ii libargon2-1 0~20171227-0.2
ii libc6 2.31-11
pn libkadm5srv8-heimdal <none>
ii libldap-2.4-2 2.4.57+dfsg-2
ii libnettle8 3.7.2-3
pn slapd <none>
slapd-contrib recommends no packages.
More information about the Pkg-openldap-devel
mailing list