b84669f Ticket 49421 - Implement password hash upgrade on bind.

Authored and Committed by firstyear 4 years ago
    Ticket 49421 - Implement password hash upgrade on bind.
    
    Bug Description: As time goes on, password hash mechanisms
    change and need to become more resistant to brute force and
    other attacks. However long lived, and service passwords do
    not change frequently - and in fact, frequent password changes
    is a security anti-pattern which is now discouraged.
    
    As a result, it's important to be able to improve the
    cryptographic strength and resitance of our passwords for
    users as time goes on.
    
    Fix Description: We can implement this because during a bind
    operation we have short amount of access to the plaintext
    password - we then use that to upgrade the content of the
    hash. This builds on Emanuel's proof of concept to improve the
    testing of the feature, as well as to avoid updating clear/crypt
    due to potential application integrations.
    
    https://pagure.io/389-ds-base/issue/49421
    
    Author: Emanuel Rietveld <https://pagure.io/user/codehotter>
            William Brown <william@blackhats.net.au>
    
    Review by: mreynolds, mhonek (Thanks!)
    
        
file modified
+7 -1
file modified
+42 -2
file modified
+31 -3
file modified
+2 -0