Bug#988033: slapd-contrib: It would be good to avoid generating sambaLMPassword hashes

Diane Trout diane at ghic.org
Tue May 4 02:08:40 BST 2021


On Mon, 2021-05-03 at 17:46 -0700, Ryan Tandy wrote:
> Hi Diane,
> 
> Yes, the LM hash code has been removed upstream in the 2.5 series.
> 
> I don't know if I'd be comfortable removing the code from already 
> released packages. One would hope no one actually uses it, but I have
> no 
> way to know for sure.


Yes.

I thought about using smbk5pwd but felt like I shouldn't given the LM
password. 

If I understood how attributes could get added to the ldap schema it
might make sense to add something to the olcOverlay configuration to
allow disabling the LM password code path?

Maybe something like:

olcSmbK5PwdLMPasswordDisable: TRUE

Diane



More information about the Pkg-openldap-devel mailing list