On Thu, Mar 9, 2023 at 1:52 PM Stefan Kania <[email protected]> wrote: > > Another strange thing about passwords on the same machine. As I told you > before, we switch to ssha as paswordhash. The server works. But now we > start to create new passwords with "slappasswd", we are getting a > {SSHA}<hash>. But when change the password via ldif. The password is > never valid. We did it several times, and it's always the same. But when > changing passwords via LDAP account manager, the password works, them > when creating the SSHA-password with: > https://projects.marsching.org/weave4j/util/genpassword.php > > The OpenLDAP-Server runs on a vmWare vm with the following CPU > ------------- > processor : 0 > vendor_id : GenuineIntel > cpu family : 6 > model : 45 > model name : Intel(R) Xeon(R) CPU E5-2630 0 @ 2.30GHz > stepping : 7 > microcode : 0x713 > cpu MHz : 2294.250 > cache size : 15360 KB > physical id : 0 > siblings : 1 > core id : 0 > cpu cores : 1 > apicid : 0 > initial apicid : 0 > fpu : yes > fpu_exception : yes > cpuid level : 13 > wp : yes > flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge > mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm > constant_tsc arch_perfmon pebs bts nopl xtopology tsc_reliable > nonstop_tsc cpuid pni pclmulqdq ssse3 cx16 pcid sse4_1 sse4_2 x2apic > popcnt tsc_deadline_timer aes xsave avx hypervisor lahf_lm pti ibrs ibpb > stibp tsc_adjust arat arch_capabilities > bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass > l1tf mds swapgs itlb_multihit mmio_unknown retbleed > bogomips : 4588.50 > clflush size : 64 > cache_alignment : 64 > address sizes : 43 bits physical, 48 bits virtual > power management: > ------------- > Any idea? A log time ago I read something about problems with Entropy in > vmWare but I can't remember what it was. Could this be my problem with > argon2 and slappasswd?
This is interesting (in a morbid sort of way)... Intel Ark says your CPU has AVX2 (https://ark.intel.com/content/www/us/en/ark/products/83356/intel-xeon-processor-e52630-v3-20m-cache-2-40-ghz.html), but the avx2 flag is missing in: > flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge > mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx rdtscp lm > constant_tsc arch_perfmon pebs bts nopl xtopology tsc_reliable > nonstop_tsc cpuid pni pclmulqdq ssse3 cx16 pcid sse4_1 sse4_2 x2apic > popcnt tsc_deadline_timer aes xsave avx hypervisor lahf_lm pti ibrs ibpb > stibp tsc_adjust arat arch_capabilities I'm guessing (and it is just a guess), you are getting into the AVX2 code paths at https://git.symas.net/symas-public/libargon2/-/blob/master/src/opt.c . I would rebuild libargon, and set OPTTARGET=x86_64. Jeff
