>>> "A. Schulze" <[email protected]> schrieb am 26.11.2021 um 23:34 in Nachricht <[email protected]>: > Hello, > > using slapo-ppolicy I could configure slapd to hash a password if it's sent > unhashed. > > moduleload ppolicy.la > moduleload argon2.la > password-hash {ARGON2} > > database mdb > suffix dc=test > ... > overlay ppolicy > ppolicy_default "cn=default,ou=ppolicies,dc=test" > ppolicy_hash_cleartext > > > That work and I could hash them using ARGON2. > > But clients could still hash a password them self and write '{MD5}...' as > userPassword for example. > Is it possible to reject any userPasswords prefixed with hash schema?
But isn't the real question whether clients using MD5 can handle ARGON2? > > Andreas
