Bug 1258613

Summary: Add PBKDF2 to the list of supported hashing functions in the 389 server
Product: Red Hat Enterprise Linux 7 Reporter: Noriko Hosoi <nhosoi>
Component: 389-ds-base Assignee: Noriko Hosoi <nhosoi>
Status: CLOSED ERRATA QA Contact: Viktor Ashirov <vashirov>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0 CC: mreynolds, nkinder, rmeggins
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 389-ds-base-1.3.6.1-3.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-01 21:10:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1425907    

Description Noriko Hosoi 2015-08-31 18:41:05 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/389/ticket/48241

> NIST announces FIPS 202 (the SHA-3 Standard) and FIPS 180-4 in the
> Federal Register today.  Please see the Federal Register
> Notice <https://federalregister.gov/a/2015-19181> for details and for
> NIST's comment resolutions for DRAFT FIPS 202 and DRAFT FIPS 180-4.

Should probably stay ahead of the game instead of waiting until a customer asks us if we support SHA3.

Comment 4 Viktor Ashirov 2017-05-16 14:10:00 UTC
Build tested:
389-ds-base-1.3.6.1-13.el7.x86_64

When I try to use an invalid scheme, the server outputs the list of supported password hashing schemes:
[
ldap_modify: Operations error (1)
	additional info: passwordStorageScheme: invalid scheme - SSHA512_TEST. Valid schemes are: CLEAR, CRYPT, MD5, PBKDF2_SHA256, SHA, SHA256, SHA384, SHA512, SMD5, SSHA, SSHA256, SSHA384, SSHA512

PBKDF2_SHA256 is present there.

========================================================== test session starts ==========================================================
platform linux2 -- Python 2.7.5, pytest-3.0.7, py-1.4.33, pluggy-0.4.0 -- /usr/bin/python
cachedir: .cache
metadata: {'Python': '2.7.5', 'Platform': 'Linux-3.10.0-663.el7.x86_64-x86_64-with-redhat-7.4-Maipo', 'Packages': {'py': '1.4.33', 'pytest': '3.0.7', 'pluggy': '0.4.0'}, 'Plugins': {'beakerlib': '0.7.1', 'html': '1.14.2', 'cov': '2.5.1', 'metadata': '1.5.0'}}
DS build: 1.3.6.1
389-ds-base: 1.3.6.1-13.el7
nss: 3.28.4-6.el7
nspr: 4.13.1-1.0.el7_3
openldap: 2.4.44-4.el7
svrcore: 4.1.3-2.el7

rootdir: /export/tests, inifile:
plugins: metadata-1.5.0, html-1.14.2, cov-2.5.1, beakerlib-0.7.1
collected 1 items 

tickets/ticket397_test.py::test_397 PASSED

------------------------------------- generated xml file: /mnt/tests/rhds/tests/upstream/report.xml -------------------------------------
------------------------------------ generated html file: /mnt/tests/rhds/tests/upstream/report.html ------------------------------------
======================================================= 1 passed in 38.20 seconds =======================================================

Marking as VERIFIED.

Comment 5 errata-xmlrpc 2017-08-01 21:10:21 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2086