Skip to content
Permalink
Browse files

[debops.slapd] Increase number of SHA-512 rounds

  • Loading branch information...
drybjed committed Oct 6, 2019
1 parent df4f6f0 commit 203cace50f1ee0713263d6ea426f3f24b91009d0
Showing with 4 additions and 1 deletion.
  1. +3 −0 CHANGELOG.rst
  2. +1 −1 ansible/roles/debops.slapd/defaults/main.yml
@@ -231,6 +231,9 @@ General
the :ref:`posixGroupId LDAP schema <slapd__ref_posixgroupid>`. This should
improve performance in UNIX environments connected to the LDAP directory.

- The number of rounds in SHA-512 password hashes has been increased from 5000
(default) to 100001. Existing password hashes will be unaffected.

:ref:`debops.sshd` role
'''''''''''''''''''''''

@@ -523,7 +523,7 @@ slapd__default_tasks:
- name: 'Configure password salt format used by the crypt(3) hash function'
dn: 'cn=config'
attributes:
olcPasswordCryptSaltFormat: '$6$%.16s'
olcPasswordCryptSaltFormat: '$6$rounds=100001$%.16s'
state: 'exact'

- name: 'Set the cn=config database root credentials'

0 comments on commit 203cace

Please sign in to comment.
You can’t perform that action at this time.