Ticket 47462 - Stop using DES in the reversible password
encryption plug-in
Bug Description: DES is not a safe cipher to use for Password Based Encryption(pbe).
AES should be used instead.
Fix Description: Use AES for all new password encodings. AES requires that the
algorithm ID used to encode the password, must also be used to
decode it. So, the algorithm ID is now stored in the cipher prefix:
{AES-<BASE64 encoded alg ID>}<ENCODED PASSWORD>
Since DES is no longer being used, the library has been renamed to a
more apprpriate name:
libdes-plugin -> libpbe-plugin
During upgrades the DES plugin entry has its library path updated
to use libpbe-plugin. The MMR plugin changes its dependency from
DES to AES, and the AES plugin entry is added, and all the password
attributes found in the old DES Plugin are migrated over to the new
AES Plugin entry.
When the server is restarted it checks for any DES passwords in the
database and cn=config. If any are found they are converted to AES,
and the DES plugin is disabled.
Also created a new operation flag: SLAPI_OP_FLAG_IGNORE_UNINDEXED
This flag prevents an internal unnidexed search from being logged
in the "errors" log. When the server starts up it can potentially
do unindexed searches while looking for DES passwords. We don't
want this log "noise" in the errors log everytime the server starts.
https://fedorahosted.org/389/ticket/47462
Design Doc: http://www.port389.org/docs/389ds/design/pbe.html
Valgrind: Passed
Reviewed by: nhosoi(Thanks!)