Bug 1258613 - Add PBKDF2 to the list of supported hashing functions in the 389 server
Add PBKDF2 to the list of supported hashing functions in the 389 server
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Noriko Hosoi
Viktor Ashirov
Depends On:
Blocks: 1425907
  Show dependency treegraph
Reported: 2015-08-31 14:41 EDT by Noriko Hosoi
Modified: 2017-08-01 17:10 EDT (History)
3 users (show)

See Also:
Fixed In Version: 389-ds-base-
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2017-08-01 17:10:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2086 normal SHIPPED_LIVE 389-ds-base bug fix and enhancement update 2017-08-01 14:37:38 EDT

  None (edit)
Description Noriko Hosoi 2015-08-31 14:41:05 EDT
This bug is created as a clone of upstream ticket:

>NIST announces FIPS 202 (the SHA-3 Standard) and FIPS 180-4 in the
Federal Register today.  Please see the Federal Register
Notice<https://federalregister.gov/a/2015-19181> for details and for
NIST's comment resolutions for DRAFT FIPS 202 and DRAFT FIPS 180-4.

Should probably stay ahead of the game instead of waiting until a customer asks us if we support SHA3.
Comment 4 Viktor Ashirov 2017-05-16 10:10:00 EDT
Build tested:

When I'm trying to use an invalid scheme, server outputs the list of supported password hashing schemes:
ldap_modify: Operations error (1)
	additional info: passwordStorageScheme: invalid scheme - SSHA512_TEST. Valid schemes are: CLEAR, CRYPT, MD5, PBKDF2_SHA256, SHA, SHA256, SHA384, SHA512, SMD5, SSHA, SSHA256, SSHA384, SSHA512

PBKDF2_SHA256 is present there.

========================================================== test session starts ==========================================================
platform linux2 -- Python 2.7.5, pytest-3.0.7, py-1.4.33, pluggy-0.4.0 -- /usr/bin/python
cachedir: .cache
metadata: {'Python': '2.7.5', 'Platform': 'Linux-3.10.0-663.el7.x86_64-x86_64-with-redhat-7.4-Maipo', 'Packages': {'py': '1.4.33', 'pytest': '3.0.7', 'pluggy': '0.4.0'}, 'Plugins': {'beakerlib': '0.7.1', 'html': '1.14.2', 'cov': '2.5.1', 'metadata': '1.5.0'}}
DS build:
nss: 3.28.4-6.el7
nspr: 4.13.1-1.0.el7_3
openldap: 2.4.44-4.el7
svrcore: 4.1.3-2.el7

rootdir: /export/tests, inifile:
plugins: metadata-1.5.0, html-1.14.2, cov-2.5.1, beakerlib-0.7.1
collected 1 items 

tickets/ticket397_test.py::test_397 PASSED

------------------------------------- generated xml file: /mnt/tests/rhds/tests/upstream/report.xml -------------------------------------
------------------------------------ generated html file: /mnt/tests/rhds/tests/upstream/report.html ------------------------------------
======================================================= 1 passed in 38.20 seconds =======================================================

Marking as VERIFIED.
Comment 5 errata-xmlrpc 2017-08-01 17:10:21 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.