Hi everyone,
I'd like to change the default root password storage scheme from PBKDF2_SHA256 to
CRYPT-SHA512 but I'm not having much success. I'm using the RHDS 11 documentation
(
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11...)
as a reference since the 389ds documentation page
(
https://directory.fedoraproject.org/docs/389ds/documentation.html) refers to that as
"The best documentation for use and deployment". The 389ds version is 1.4.4.15
which should correspond with RHDS 11.
What I've tried:
# mkpasswd -m sha512crypt secret
$6$gOiCU3fNsdrH9.mR$fVxsLUf0JLS4wYdQa98VNy7mIy.LkShcdNcJbAFPE.10PKJ7EFD4hB0C33znHyIjgPF67IxNVNKgkKDiuuxQq/
# dsconf localhost config replace nsslapd-rootpwstoragescheme=CRYPT-SHA512
nsslapd-rootpw="{crypt}$6$gOiCU3fNsdrH9.mR$fVxsLUf0JLS4wYdQa98VNy7mIy.LkShcdNcJbAFPE.10PKJ7EFD4hB0C33znHyIjgPF67IxNVNKgkKDiuuxQq/"
selinux is disabled, will not relabel ports or files.
Successfully replaced "nsslapd-rootpwstoragescheme"
selinux is disabled, will not relabel ports or files.
Successfully replaced "nsslapd-rootpw"
Which results in me being unable to log in (bind non-anonymously). I've also tried:
# dsconf localhost config replace nsslapd-rootpwstoragescheme=CRYPT-SHA512
nsslapd-rootpw="{CRYPT-SHA512}$6$gOiCU3fNsdrH9.mR$fVxs..."
and
# dsconf localhost config replace nsslapd-rootpwstoragescheme=CRYPT-SHA512
nsslapd-rootpw="$6$gOiCU3fNsdrH9.mR$fVxs..."
which were also unsuccessful (login not possible).
Setting a `CRYPT-SHA512` password though the 389ds cockpit UI plugin works fine though, so
I'm pretty sure I'm just not getting the syntax for `dsconf` correctly.
Any pointers are greatly appreciated.
Cheers!