Just had one question regarding the authentication (perhaps this is just a misundertanding). I was reading an issue that someone opened up on January 10th, 2020, asking about the various authentication methods one could use with OpenLDAP.
In that list, you named 'SCRAM-SHA-1' + 'SCRAM-SHA-256'.
Since that was a little while ago, I was curious about SCRAM-SHA-512 (more specifically, SCRAM-SHA-512-PLUS, but I assume that's a given if the server is configured to connect over TLS).
Is that standard possible yet? My assumption was that if SCRAM-SHA-256 is an authentication option, then so is SCRAM-SHA-512 (it just becomes a matter of specifying SHA-512 instead of SHA-256). Also wanted to confirm that theory above about the channel binding being implicitly added with TLS already configured for the LDAP server.
Neustradamus
commented
10 months ago
Hey, great job on this deployment - per usual.
Just had one question regarding the authentication (perhaps this is just a misundertanding). I was reading an issue that someone opened up on January 10th, 2020, asking about the various authentication methods one could use with OpenLDAP.
In that list, you named 'SCRAM-SHA-1' + 'SCRAM-SHA-256'.
Since that was a little while ago, I was curious about SCRAM-SHA-512 (more specifically, SCRAM-SHA-512-PLUS, but I assume that's a given if the server is configured to connect over TLS).
Is that standard possible yet? My assumption was that if SCRAM-SHA-256 is an authentication option, then so is SCRAM-SHA-512 (it just becomes a matter of specifying SHA-512 instead of SHA-256). Also wanted to confirm that theory above about the channel binding being implicitly added with TLS already configured for the LDAP server.