LinuxQuestions.org
Old 04-05-2009, 09:11 PM   #1
llattan
LQ Newbie
 
Registered: Apr 2009
Location: Rosario
Distribution: Redhat Enterprise
Posts: 12

Rep: Reputation: 0
SSHA password encryption scheme


I want to migrate to the SSHA encryption scheme for passwords because I know it is stronger than the MD5 and CRYPT (with salt) schemes.
I wonder if the SSHA password encryption scheme is widely supported by many applications.

I have Redhat Enterprise Linux Server 5.2 x86_64
I upgraded samba to version 3.0.33 and openldap to version 2.4.11
I have samba with ldap working, and I do the management with LAM and PLA.
userPassword attribute in ldap is stored in crypt format with salt "$1$%.8s"


I use these applications:
samba-3.0.33 (for user's Windows machines logons and shares)
openldap-servers-2.4.11 (the ldap server itself)
nss_ldap-253-12 (to have command line to some users, users and their password stored in ldap)
postfix-2.3.3-2 (with ldap support, to send *smtp* and receive *pop/imap* email)
squid-2.6.STABLE6-5.el5_1.3 (for user's internet browsing)
ldap-account-manager-2.5 (to manage users and groups)
phpldapadmin-1.1.0.6 (to manage other ldap attributes)


Could I migrate without problems?
Can all of these applications support the scheme?
I still haven't found if nss_ldap, squid (through winbind) and postfix support SSHA.

Thanks in advance.
Leandro.
 
Old 04-05-2009, 10:26 PM   #2
Meson
Member
 
Registered: Oct 2007
Distribution: Arch x86_64
Posts: 606

Rep: Reputation: 67
So you're storing all of your info in LDAP and all of those services you listed are attempting to bind to LDAP and authenticate using userPassword, correct? I don't think it matters how you store your passwords in LDAP; clients simply send a password to LDAP and LDAP says "It's good," or "It's bad." You should have no problem migrating to the salted SHA.

If you really want to be certain, just change one or two accounts to SSHA and see if you can do everything.

I use OpenLDAP 2.4.11 with all SSHA passwords (for the accounts that do use userPassword - most stuff is Kerberos), and have had no problems. I use LDAP as my kerb backend, I use it for NSS, dovecot, and postfix. I don't use Samba, and I don't use any of those LDAP GUIs you mentioned. (I use ldapvi a lot, and also Apache Directory Studio for a lot of things).
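The bind-time check described in the reply above, as an added example that is not part of either post and is not OpenLDAP's own code: it builds a `{SSHA}` userPassword value (base64 of the SHA-1 digest of password plus salt, followed by the salt) and verifies a candidate against it, showing that the client only ever supplies the cleartext and the scheme prefix is read on the directory side. The function names and the sample password are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

SHA1_LEN = 20  # a SHA-1 digest is always 20 bytes; anything after it is the salt


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # fresh random salt per password
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_scheme(stored: str) -> Tuple[str, bytes]:
    """Split '{SCHEME}base64' into (SCHEME, decoded bytes)."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("value has no {SCHEME} prefix")
    scheme, data = stored[1:].split("}", 1)
    return scheme.upper(), base64.b64decode(data, validate=True)


def check_bind_password(stored: str, candidate: str) -> bool:
    """Directory-side check: the client supplies only the cleartext candidate."""
    scheme, raw = split_scheme(stored)
    if scheme not in ("SHA", "SSHA"):
        raise ValueError("scheme %s is not handled in this example" % scheme)
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    if len(digest) != SHA1_LEN or (scheme == "SSHA") != bool(salt):
        return False  # truncated value, or salt presence does not match scheme
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    stored = make_ssha("correct horse")  # constructed sample password
    print(stored)
    print(check_bind_password(stored, "correct horse"))
    print(check_bind_password(stored, "wrong guess"))
```

This only covers services that authenticate by binding or by asking the directory to compare userPassword; anything that reads the stored value and hashes locally would need to understand the scheme itself.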
 
  

