Bug#988033: slapd-contrib: It would be good to avoid generating sambaLMPassword hashes
Diane Trout
diane at ghic.org
Tue May 4 02:08:40 BST 2021
On Mon, 2021-05-03 at 17:46 -0700, Ryan Tandy wrote:
> Hi Diane,
>
> Yes, the LM hash code has been removed upstream in the 2.5 series.
>
> I don't know if I'd be comfortable removing the code from already
> released packages. One would hope no one actually uses it, but I have
> no
> way to know for sure.
Yes.
I thought about using smbk5pwd but felt like I shouldn't given the LM
password.
If I understood how attributes could get added to the ldap schema it
might make sense to add something to the olcOverlay configuration to
allow disabling the LM password code path?
Maybe something like:
olcSmbK5PwdLMPasswordDisable: TRUE
Diane
More information about the Pkg-openldap-devel
mailing list