PAP: adding support for OpenLDAP and 389ds PBKDF2 passwords

Gerald Vogt vogt at spamcop.net
Fri May 9 05:32:23 UTC 2025 

Hi,

PR#5564 and PR#5576 have been merged. Thanks. And thank you for your 
patience. It took a little to familiarize with git and github again.

Out of curiosity I have also checked the v3.0.x branch. The internal 
dictionary and rlm_pap.c are almost identical to v3.2.x. I have 
cherry-picked the v3.2.x PR commit 
7e0f4fa27156b3fa74ef095703251adc8f371cd0 and it works just as well as in 
v3.0.x.

I know v3.0.x is bug fixes only and the pbkdf2 hashes are not really a 
bug fix although some may disagree. So I leave it to the developers to 
decide whether the lacking support of pbkdf2 support in v3.0.x is a bug 
or just a missing feature. If you want me to set up a PR for v3.0.x just 
let me know.

Another question on customs about updating (commenting) closed issues: 
do you usually comment in older, closed github issues (or pull requests) 
on the same topic posting a pointer to the latest update? For example 
point issue #2649 to the PRs as solution? Let me know if I should do.

Lastly, I think it might be helpful to be able to join freeradius-users 
again in case someone has problems with the added pbkdf2 support, so 
that I could answer them...

Thanks,

Gerald

On 04.05.25 16:49, Gerald Vogt wrote:
> As you have probably noticed, I have created pull request #5564 for the 
> master branch.
> 
> I have pushed some more commits today to implement the legacy pbkdf2 
> hashes using the scheme "{PBKDF2_SHA256}" (underscore instead of dash).
> 
> https://github.com/FreeRADIUS/freeradius-server/pull/5564
> 
> -Gerald
> 
> On 28.04.25 01:56, Alan DeKok wrote:
>> On Apr 27, 2025, at 9:56 AM, Gerald Vogt <vogt at spamcop.net> wrote:
>>> As far as I understand from github community posts this is probably 
>>> because you have blocked me from forking.
>>
>>    Looking back, you were blocked in May 2023 for unhelpful 
>> discussions.  I can unblock you, which will allow you to fork.
>>
>>    Alan DeKok.
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ 
>> devel.html
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ 
> devel.html

More information about the Freeradius-Devel mailing list