Module pw-sha2
Created by Greg Noe, last modified on Oct 01, 2015
The pw-sha2 module provides support for stronger SHA2 password hashing schemes in OpenLDAP.
HASHING SCHEMES
The following hashing schemes are made available through the pw-sha2 module:
Name | Attribute Name | Salted |
---|---|---|
SHA-256 | {SHA256} | No |
SHA-384 | {SHA384} | No |
SHA-512 | {SHA512} | No |
SSHA-256 | {SSHA256} | Yes |
SSHA-384 | {SSHA384} | Yes |
SSHA-512 | {SSHA512} | Yes |
CONFIGURATION
Adding or modifying the password-hash (slapd.conf) or olcPasswordHash (cn=config) setting does not change passwords that are already hashed in the database. The new hashing scheme applies only to passwords generated via the LDAP Password Modify Extended Operation.
To load pw-sha2 and set a SHA2 scheme as the default for new passwords:
SLAPD.CONF
Add pw-sha2 Configuration
moduleload pw-sha2.la
...
password-hash {SSHA512}
Note: Enabling this module requires a restart of slapd.
cn=config
Add pw-sha2 Configuration
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: pw-sha2.la

dn: cn=config
changetype: modify
add: olcPasswordHash
olcPasswordHash: {SSHA512}
-
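Because changing the default scheme leaves stored hashes untouched, an LDIF export shows which entries still carry another scheme. The following is an added example, not part of the original page or of OpenLDAP: it classifies userPassword values against the table above, assuming the stored form is scheme + base64(digest(password + salt) + salt); the function names, sample DNs, passwords and salt are constructed for illustration.

```python
import base64
import hashlib

# Scheme prefix -> (hashlib algorithm, salted), from the table on this page.
SCHEMES = {"{%s%s}" % (s, a.upper()): (a, bool(s))
           for a in ("sha256", "sha384", "sha512") for s in ("", "S")}

def encode(scheme, password, salt=b""):
    """Assumed stored form: scheme + base64(digest(password + salt) + salt)."""
    digest = hashlib.new(SCHEMES[scheme][0], password + salt).digest()
    return scheme + base64.b64encode(digest + salt).decode()

def classify(value):
    """Return (scheme, salt_len); salt_len is None if unknown or malformed."""
    head, brace, payload = value.partition("}")
    scheme = (head + "}").upper() if brace and head[:1] == "{" else "cleartext"
    if scheme not in SCHEMES:
        return scheme, None
    algo, salted = SCHEMES[scheme]
    try:
        raw = base64.b64decode(payload, validate=True)
    except ValueError:
        return scheme, None
    salt_len = len(raw) - hashlib.new(algo).digest_size
    ok = salt_len > 0 if salted else salt_len == 0
    return scheme, (salt_len if ok else None)

def audit(ldif, target="{SSHA512}"):
    """Yield (dn, scheme) for userPassword values not well formed in target."""
    dn = None
    for line in ldif.replace("\n ", "").splitlines():  # undo LDIF folding
        name, _, rest = line.partition(":")
        if name.lower() == "dn":
            dn = rest.strip()
        elif name.lower() == "userpassword":
            if rest.startswith(":"):                   # "::" = base64 value
                rest = base64.b64decode(rest[1:]).decode("utf-8", "replace")
            scheme, salt_len = classify(rest.strip())
            if scheme != target or salt_len is None:
                yield dn, scheme

# Constructed sample export; DNs, passwords and salt are made up.
_B64 = base64.b64encode(encode("{SHA256}", b"demo-2").encode()).decode()
SAMPLE = "\n".join([
    "dn: uid=alice,dc=example,dc=com",
    "userPassword: " + encode("{SSHA512}", b"demo-1", b"\x01" * 8), "",
    "dn: uid=bob,dc=example,dc=com",
    "userPassword:: " + _B64[:40] + "\n " + _B64[40:], "",  # folded line
    "dn: uid=carol,dc=example,dc=com",
    "userPassword: " + encode("{SSHA512}", b"demo-3")])     # salt missing
```

Running `list(audit(SAMPLE))` reports bob (unsalted {SHA256}) and carol (a {SSHA512} value with no salt bytes), while alice passes; only scheme names are reported, never the hash values.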