With eDirectory 9.x an AES 256-Bit tree key can be created to have eDir use AES256 instead of 3DES when encrypting data.
It would be great if diagpwd could display with which algorithm the password of individual users is currently encrypted.
In case you do not want to use "diagpwd -t" to re-encrypt all passwords at once and want to check which/how many user's passwords are already encrypted with the new algorithm. Or in case of some sort of security audit where you need to prove not only that you enabled the new tree key but also that passwords are actually encrypted with it.
Top Comments