Actions
Bug #3497
closed
The PASSWORDHASH metadata entry does not allow to use glibc-like SHA/MD hashes
Status:
Released
Priority:
1 (highest)
Assignee:
Category:
Techniques
Target version:
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:
Description
First, we should allow SHA-512 hashes.
Then, we should allow the use of GLIBC shadow compatible hashes, like for SHA-512:
$6$SALT$HASH
These hashes should be named:- shadow-md5 / shadow-sha-(level) in the metadata PASSWORDHASH
- "MD5 / SHA-(level) (Shadow)"
Updated by François ARMAND over 11 years ago
- Status changed from New to In progress
That seems to be a really cool use case !
Updated by François ARMAND over 11 years ago
For the ID, I'm going to take the Linux ones, so the names will be: "linux-shadow-md5" etc.
For the salt, I will go for a 8 char among the set [a-zA-Z0-9./]
Updated by François ARMAND over 11 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Nicolas CHARLES
Finally, used the implementation given in recent Apache Common-codec.
PR here: https://github.com/Normation/cf-clerk/pull/17
Updated by Nicolas CHARLES over 11 years ago
- Status changed from Pending technical review to Pending release
Updated by Jonathan CLARKE over 11 years ago
- Status changed from Pending release to Released
Updated by Benoît PECCATTE over 9 years ago
- Project changed from 24 to Rudder
- Category changed from Techniques to Techniques
Actions