Greetings all,
I'm pretty new to FreeIPA and would like to know if I can adjust the salt size generated by FreeIPA when using CRYPT-SHA512 as the passwordStorageScheme.
After modifying the cn=config to use CRYPT-SHA512 passwords by default, new passwords are correctly generated using CRYPT-SHA512, however the size of the salt is tiny (only 2 base64 chars or about 12bits). I'd really like to configure FreeIPA to generate a larger salt, but I'm not sure if that's possible.
Just for background on why I've chosen to use CRYPT-SHA512 instead of the standard PBKDF2-SHA256 is because I intend to sync the password hashes in FreeIPA to a system we have that neither supports LDAP or Kerberos: postfixadmin. Postfixadmin supports CRYPT-SHA512 hashes but not PBKDF2-SHA256.
Thanks, Jason