Am 27.11.21 um 00:50 schrieb Michael Ströder:
> On 11/26/21 23:34, A. Schulze wrote:
>> using slapo-ppolicy I could configure slapd to hash a password if
>> it's sent unhashed. > [..]
>> overlay ppolicy
>> ppolicy_default "cn=default,ou=ppolicies,dc=test"
>> ppolicy_hash_cleartext
>> [..]
>> That work and I could hash them using ARGON2.
>> [..]
>> Is it possible to reject any userPasswords prefixed with hash schema?
>
> See slapo-ppolicy(5) for attribute 'pwdCheckQuality'.
I set pwdCheckQuality=2 and the system behave in the desired manner.
Thanks for the hint!
Andreas
