... | ... | @@ -1047,6 +1047,25 @@ at documenting issues with the software and possible alternatives. |
|
|
|
|
|
TODO.
|
|
|
|
|
|
### Possible issues with userdir-ldap
|
|
|
|
|
|
* old cryptographic primitives: SHA-1 is used to hash `sudo`
|
|
|
passwords, MD5 is used to hash user passwords, those hashes are
|
|
|
communicated over OpenPGP_encrypted email but stored in LDAP in
|
|
|
cleartext
|
|
|
|
|
|
* rolls its own crypto: ud-ldap ships its own wrapper around GnuPG,
|
|
|
implementing the (somewhat arcane) commandline dialect. it has not
|
|
|
been determined if that implementation is either accurate or safe.
|
|
|
|
|
|
* the email interface is notoriously picky: it has trouble with
|
|
|
standard OpenPGP/MIME messages and is hard to use for users
|
|
|
|
|
|
* the web interface is showing its age: it's made of old Perl CGI
|
|
|
scripts that uses a custom template format built on top of [WML](https://en.wikipedia.org/wiki/Website_Meta_Language)
|
|
|
with custom pattern replacement, without any other framework than
|
|
|
Perl's builtin `CGI` module
|
|
|
|
|
|
## Goals
|
|
|
<!-- include bugs to be fixed -->
|
|
|
|
... | ... | |
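Review bot: In the first bullet, "stored in LDAP in cleartext" is ambiguous. It can be read as passwords being kept in cleartext, while the subject of the sentence is the SHA-1 and MD5 hashes. Suggest wording it as the hashes being stored unencrypted in LDAP, and stating who can read those attributes, since that determines the exposure. In the same bullet, "OpenPGP_encrypted" should be "OpenPGP-encrypted". In the second bullet, the label "rolls its own crypto" does not match the body, which describes a wrapper around the GnuPG command line rather than custom primitives. A label such as "custom GnuPG wrapper" would be more accurate, and the sentence starting "it has not" needs a capital. In the last bullet, "scripts that uses" should be "scripts that use".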