Issue 6269 - RFE - Add nsslapd-pwdPBKDF2Rounds configuration to PBKDF2-* plugins #6447
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
droideck
added
the
work in progress
Firstyear
reviewed
Dec 12, 2024
src/plugins/pwdchan/src/lib.rs
Outdated
| const MAX_PBKDF2_ROUNDS: usize = 1_000_000; | ||
|
|
||
| const PBKDF2_ROUNDS_ATTR: &str = "nsslapd-pwdPBKDF2Rounds"; | ||
| static PBKDF2_ROUNDS: Lazy<RwLock<usize>> = Lazy::new(|| RwLock::new(DEFAULT_PBKDF2_ROUNDS)); |
There was a problem hiding this comment.
Consider using https://doc.rust-lang.org/std/sync/atomic/struct.AtomicUsize.html with Ordering::Relaxed
There was a problem hiding this comment.
I just realized we need to make the PBKDF2_ROUNDS a HashMap, as we might use different values in different schemes.
Do you know what the best option for our case is?
I found dashmap option Lazy<DashMap<MessageDigest, usize>> or we can make a RwLock HashMap like this RwLock<HashMap<MessageDigest, usize>>...
And I think there can be more...
There was a problem hiding this comment.
Okay, I tried a few approaches (even Rust's generics...), and I think the one in the last commit will work the best.
It's the simple AtomicUsize variables - one for each digest.
tbordaz
reviewed
Dec 12, 2024
tbordaz
reviewed
Dec 12, 2024
droideck
force-pushed
the
rust-pbkdf2-add-param
branch
3 times, most recently
from
d1025bd to
2f0db06
Compare
…2-* plugins Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in PBKDF2-* password storage plugin entries. This was password hashing round value can be adjusted. Certain compliance requirements (like from BSI) require specific hashing round values greater than what we currently provide. Add CLI, Web UI option, and CI tests. Fixes: 389ds#6269 Reviewed by: ?
droideck
force-pushed
the
rust-pbkdf2-add-param
branch
from
2f0db06 to
3603e54
Compare
|
Okay, it's ready for the final review! Design doc: 389ds/389ds.github.io#17 Please check! Thank you! |
droideck
removed
the
work in progress
progier389
reviewed
Dec 20, 2024
dirsrvtests/tests/suites/password/pbkdf2_upgrade_plugin_test.py
Outdated
Show resolved
Hide resolved
|
Changes are made, please, review |
droideck
force-pushed
the
rust-pbkdf2-add-param
branch
from
6496b99 to
802fb91
Compare
tomato42
reviewed
Jan 2, 2025
tomato42
reviewed
Jan 2, 2025
droideck
force-pushed
the
rust-pbkdf2-add-param
branch
from
d4ec94a to
9156f11
Compare
Firstyear
approved these changes
Jan 7, 2025
droideck
added a commit
that referenced
this pull request
Jan 8, 2025
…2-* plugins (#6447) Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in PBKDF2-* password storage plugin entries. This is a password hashing round value that can be adjusted. Certain compliance requirements (like from BSI) require specific hashing round values greater than what we currently provide. Add CLI, Web UI option, and CI tests. Increase DEFAULT_PBKDF2_ROUNDS to 100_000. Fixes: #6269 Reviewed by: @Firstyear, @progier389, @tbordaz (Thanks!!!)
droideck
added a commit
that referenced
this pull request
Jan 8, 2025
…2-* plugins (#6447) Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in PBKDF2-* password storage plugin entries. This is a password hashing round value that can be adjusted. Certain compliance requirements (like from BSI) require specific hashing round values greater than what we currently provide. Add CLI, Web UI option, and CI tests. Increase DEFAULT_PBKDF2_ROUNDS to 100_000. Fixes: #6269 Reviewed by: @Firstyear, @progier389, @tbordaz (Thanks!!!)
droideck
added a commit
that referenced
this pull request
Jan 8, 2025
…2-* plugins (#6447) Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in PBKDF2-* password storage plugin entries. This is a password hashing round value that can be adjusted. Certain compliance requirements (like from BSI) require specific hashing round values greater than what we currently provide. Add CLI, Web UI option, and CI tests. Increase DEFAULT_PBKDF2_ROUNDS to 100_000. Fixes: #6269 Reviewed by: @Firstyear, @progier389, @tbordaz (Thanks!!!)
droideck
added a commit
that referenced
this pull request
Jan 8, 2025
…2-* plugins (#6447) Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in PBKDF2-* password storage plugin entries. This is a password hashing round value that can be adjusted. Certain compliance requirements (like from BSI) require specific hashing round values greater than what we currently provide. Add CLI, Web UI option, and CI tests. Increase DEFAULT_PBKDF2_ROUNDS to 100_000. Fixes: #6269 Reviewed by: @Firstyear, @progier389, @tbordaz (Thanks!!!)
droideck
added a commit
that referenced
this pull request
Jan 8, 2025
…2-* plugins (#6447) Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in PBKDF2-* password storage plugin entries. This is a password hashing round value that can be adjusted. Certain compliance requirements (like from BSI) require specific hashing round values greater than what we currently provide. Add CLI, Web UI option, and CI tests. Increase DEFAULT_PBKDF2_ROUNDS to 100_000. Fixes: #6269 Reviewed by: @Firstyear, @progier389, @tbordaz (Thanks!!!)
droideck
added a commit
that referenced
this pull request
Jan 8, 2025
…2-* plugins (#6447) Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in PBKDF2-* password storage plugin entries. This is a password hashing round value that can be adjusted. Certain compliance requirements (like from BSI) require specific hashing round values greater than what we currently provide. Add CLI, Web UI option, and CI tests. Increase DEFAULT_PBKDF2_ROUNDS to 100_000. Fixes: #6269 Reviewed by: @Firstyear, @progier389, @tbordaz (Thanks!!!)
droideck
added a commit
that referenced
this pull request
Jan 8, 2025
…2-* plugins (#6447) Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in PBKDF2-* password storage plugin entries. This is a password hashing round value that can be adjusted. Certain compliance requirements (like from BSI) require specific hashing round values greater than what we currently provide. Add CLI, Web UI option, and CI tests. Increase DEFAULT_PBKDF2_ROUNDS to 100_000. Fixes: #6269 Reviewed by: @Firstyear, @progier389, @tbordaz (Thanks!!!)
droideck
added a commit
that referenced
this pull request
Jan 8, 2025
…2-* plugins (#6447) Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in PBKDF2-* password storage plugin entries. This is a password hashing round value that can be adjusted. Certain compliance requirements (like from BSI) require specific hashing round values greater than what we currently provide. Add CLI, Web UI option, and CI tests. Increase DEFAULT_PBKDF2_ROUNDS to 100_000. Fixes: #6269 Reviewed by: @Firstyear, @progier389, @tbordaz (Thanks!!!)
droideck
added a commit
that referenced
this pull request
Jan 8, 2025
…2-* plugins (#6447) Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in PBKDF2-* password storage plugin entries. This is a password hashing round value that can be adjusted. Certain compliance requirements (like from BSI) require specific hashing round values greater than what we currently provide. Add CLI, Web UI option, and CI tests. Increase DEFAULT_PBKDF2_ROUNDS to 100_000. Fixes: #6269 Reviewed by: @Firstyear, @progier389, @tbordaz (Thanks!!!)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description: Add nsslapd-pwdPBKDF2Rounds attribute that can be configured in
PBKDF2-* password storage plugin entries. This was password hashing round value can be adjusted.
Certain compliance requirements (like from BSI) require specific hashing round values greater than
what we currently provide.
Fixes: #6269
Reviewed by: ?