I have an Ubuntu 22.04.3 OS :
Distributor ID: Ubuntu
Description: Ubuntu 22.04.3 LTS
Release: 22.04
Codename: jammy
Ubuntu man page says ubuntu 22.4 crypt function supports yescrypt: https://manpages.ubuntu.com/manpages/jammy/en/man5/crypt.5.html, but it says
Provided by: libcrypt-dev_4.4.27-1_amd64
(which seems weird to me as I don't have this package installed, but crypt() seems available)
I have instead package libcrypt1 in version 4.4.27-1:
libcrypt1/jammy,now 1:4.4.27-1 amd64 [installed,automatic]
Here my ldif to activate it:
dn: olcDatabase={-1}frontend,cn=config
replace: olcPasswordHash
olcPasswordHash: {CRYPT}
dn: cn=config
add: olcPasswordCryptSaltFormat
olcPasswordCryptSaltFormat: $y$%.128s
I used here 128 bits of salt knowing that man page says :
Salt size: up to 512 (128+ recommended) bits
If I'm modifying a new password/creating a new one, after decoding my b64 "userPassword" attribute, I have the value {CRYPT}*0
An "olcPasswordCryptSaltFormat" set to "olcPasswordCryptSaltFormat: $6$%.16s" works perfectly. Issue is with yescrypt algorithm.
PS: The link at https://launchpad.net/ubuntu/jammy/amd64/libcrypt1 which gives description about what comes with libcrypt1 package says :
libxcrypt is a modern library for one-way hashing of passwords. It supports DES, MD5, NTHASH, SUNMD5, SHA-2-256, SHA-2-512, and bcrypt-based password hashes
Which is different than what https://manpages.ubuntu.com/manpages/jammy/en/man5/crypt.5.html pretends (yescrypt, gost-yescrypt and scrypt supported). I'm confused. what do i need to replace/install to get yescrypt working with crypt() (used with my OpenLDAP) by default on Ubuntu22.04 ?
EDIT
Okay, well it seems it simply because my crypt function doesn't support yescrypt. Here the test I did:
import crypt
supported_methods = crypt.methods
print(crypt.methods)
Here the output:
[<crypt.METHOD_SHA512>, <crypt.METHOD_SHA256>, <crypt.METHOD_BLOWFISH>, <crypt.METHOD_MD5>, <crypt.METHOD_CRYPT>]
How can I make libcrypt1 to support latest hashing algorithm as yescrypt ?