#6857 ipa_pwd.c: Use OpenSSL instead of NSS for hashing
Opened 2 years ago by cheimes. Modified a year ago

Given the fact that FreeIPA no longer uses python-nss and libcurl is moving away from NSS to OpenSSL, it makes sense to remove NSS from ipaclient. Once libxmlrpc_client uses an OpenSSL based libcurl, the password hashing code in ipa_pwd.c is the only dependency that pulls in NSS for client libs.

Possible solutions:
Reimplement the hashing code with OpenSSL
Refactor libutil and move ipa_pwd.c out. The functions ipapwd_generate_new_history and ipapwd_check_policy are not used by client libraries.

Metadata Update from @pvoborni:
- Issue priority set to: minor
- Issue set to the milestone: FreeIPA 4.7
- Issue tagged with: refactoring

2 years ago

Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.7.1 (was: FreeIPA 4.7)

a year ago

FreeIPA 4.7 has been released, moving to FreeIPA 4.7.1 milestone

Login to comment on this ticket.